<!doctype html>
<html lang="en">

<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <title>KICS Scan Result</title>
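    <style>
        /* Global reset. Note that it also strips the default focus outline from every element. */
        * {
            margin: 0;
            padding: 0;
            outline: 0;
            box-sizing: border-box
        }

        /* The reset above removes the keyboard focus ring from the links and the
           <summary> toggles; restore a visible indicator for keyboard users.
           Browsers without :focus-visible ignore this rule and keep the reset. */
        :focus-visible {
            outline: 2px solid #fc6e3a;
            outline-offset: 2px
        }

        body {
            font-family: sans-serif
        }

        /* Outer frame of the whole report. */
        .container {
            display: flex;
            align-items: center;
            flex-direction: column;
            margin: 5px;
            border: 1px solid #bebebe
        }

        /* Scan metadata box: children are half width unless overridden inline. */
        .run-info {
            display: flex;
            flex-wrap: wrap;
            border: 1px solid #bebebe;
            margin-top: 10px;
            width: 50vw
        }

        .run-info>span {
            flex-basis: 50%;
            text-align: center
        }

        /* Row of per-severity counters. */
        .counters {
            display: flex;
            flex-direction: row;
            margin: 22px 0
        }

        /* Purple bar used at the top of the report (class name suggests the footer shares it). */
        .report-header-footer {
            display: flex;
            flex-direction: row;
            justify-content: space-between;
            border-bottom: 1px solid #bebebe;
            width: 100%;
            padding: 15px 21px;
            background-color: #503e9e;
            height: 50px;
            font-weight: 700;
            font-size: 14px;
            color: #fff;
            cursor: default;
            user-select: none
        }

        .report-header-footer>a {
            color: inherit;
            text-decoration: inherit
        }

        .report-header-footer>.title {
            font-size: 18px
        }

        .report-header-footer>.title>span {
            color: #000
        }

        .report-header-footer>.timestamp {
            font-weight: 400;
            font-style: italic;
            opacity: .5
        }

        /* One clickable counter: icon, count badge and caption. */
        .severity {
            display: flex;
            flex-direction: column;
            cursor: pointer;
            position: relative;
            margin: 0 22px;
            align-items: center
        }

        /* "selected" is toggled by filter() to mark the active severity. */
        .severity>.caption.selected {
            text-decoration: underline overline
        }

        /* Round count bubble positioned over the counter icon. */
        .badge {
            color: #fff;
            border: 2px solid #e8e8e8;
            border-radius: 50%;
            cursor: default;
            user-select: none;
            padding: 3px;
            font-size: 10px;
            display: flex;
            align-items: center;
            justify-content: center;
            width: 30px;
            height: 30px;
            position: absolute;
            left: 60%;
            top: 50%
        }

        /* Two-colour palette: an orange icon gets a purple badge and vice versa. */
        .kics-orange {
            color: #fc6e3a
        }

        .kics-orange>svg {
            fill: #fc6e3a
        }

        .kics-orange~.badge {
            background-color: #503e9e
        }

        .kics-purple {
            color: #503e9e
        }

        .kics-purple>svg {
            fill: #503e9e
        }

        .kics-purple~.badge {
            background-color: #fc6e3a
        }

        .severity>.icon>svg {
            width: 80px;
            height: auto
        }

        .severity>.caption {
            font-size: 16px;
            font-weight: bolder;
            user-select: none;
            cursor: default
        }

        .separator {
            border-top: 1px solid #979797;
            opacity: .5;
            width: 95%;
            margin: 22px 0
        }

        /* One query (rule) with its title, description and results. */
        .query {
            width: 95vw
        }

        .query-title {
            display: flex;
            align-items: flex-start;
            flex-direction: column;
            width: 100%
        }

        .query-title>h2 {
            display: flex
        }

        /* Pull the severity icon into the left gutter created by .query>* below. */
        .query-title>h2>div {
            width: 20px;
            margin-right: 12px;
            margin-left: -30px
        }

        .query>* {
            margin-left: 30px
        }

        .query-info {
            display: flex;
            flex-direction: column;
            justify-content: space-between
        }

        .query-details {
            margin: 12px 0;
            display: flex;
            flex-direction: column;
            text-align: justify
        }

        .query-details>span.query-description-title {
            font-size: 18px;
            margin-top: 5px
        }

        .query-details>span.cis-description-text {
            margin-top: 5px
        }

        .query-details>span:last-child {
            font-size: 14px
        }

        /* One finding: file and line header, expected/found text, code excerpt. */
        .vulnerable-info {
            border: 1px #969696 solid;
            border-radius: 2px;
            display: flex;
            flex-direction: column;
            margin: 6px 9px
        }

        .vulnerable-info-header {
            display: flex;
            flex-direction: row;
            justify-content: space-between;
            margin: 6px 9px
        }

        .vulnerable-info-details {
            display: flex;
            flex-direction: column;
            margin: 6px 9px
        }

        .vulnerable-info-details>span>strong {
            width: 5vw
        }

        /* Code excerpt shown with each finding. */
        .code-box {
            display: flex;
            flex-direction: column;
            background-color: #503e9e10
        }

        .code-line {
            display: flex;
            flex-direction: row;
            align-items: center;
            height: 20px
        }

        /* Highlights the excerpt line the finding points at. */
        .code-box>.error {
            background-color: #fc6e3a50
        }

        .code-line>.code-line-counter {
            font-size: 10px;
            margin-left: 9px;
            margin-right: 10vw
        }

        .code-line>.code {
            font-family: monospace;
            font-size: 16px
        }

        .kics-message {
            margin: 24px 30vw;
            text-align: center
        }

        .love {
            color: #503e9d;
            font-style: italic
        }

        .social-networks {
            display: flex;
            flex-direction: row;
            align-items: center;
            justify-content: center;
            margin-bottom: 24px
        }

        .social-networks>a {
            margin: 0 15px
        }

        .social-networks>a>div>svg {
            width: 20px;
            height: 20px
        }

        .footer-text {
            font-style: italic;
            opacity: .5;
            font-weight: 400;
            width: 100%;
            display: flex;
            align-self: center;
            justify-content: center
        }

        a.checkmarx,
        a.checkmarx:visited,
        a.checkmarx:hover,
        a.checkmarx:active {
            cursor: pointer;
            font-weight: 700;
            text-decoration: underline;
            color: #fff;
            opacity: .8
        }

        /* Added to and removed from the severity sections by filter(). */
        .hide {
            display: none
        }

        summary {
            cursor: pointer;
            user-select: none;
            font-size: 18px;
            font-weight: 700
        }
    </style>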
    <script>
        /**
         * Show only the findings of one severity.
         *
         * @param {string} e Severity name passed by the counters' onclick handlers
         *   ("HIGH", "MEDIUM", "LOW", "INFO"), or "TOTAL" to show every section.
         *
         * Sections are matched on their data-name attribute, and the counter caption
         * whose text equals `e` is marked as selected. The function only toggles CSS
         * classes; it never writes markup into the document.
         */
        function filter(e) {
            const sections = document.querySelectorAll("[data-type='severity']");
            for (const section of sections) {
                const visible = e === "TOTAL" || e === section.getAttribute("data-name");
                if (visible) {
                    section.classList.remove("hide");
                } else {
                    section.classList.add("hide");
                }
            }

            const captions = document.querySelectorAll(".severity > .caption");
            for (const caption of captions) {
                // A missing or empty argument never selects a caption.
                if (e && e === caption.innerText) {
                    caption.classList.add("selected");
                } else {
                    caption.classList.remove("selected");
                }
            }
        }
    </script>
</head>

<body>
    <div class="container">
        <!-- Top bar: report title, timestamp and a link to the KICS site. -->
        <div class="report-header-footer">
            <span class="title">KICS <span>REPORT</span></span>
            <span class="timestamp">04/23/2022 22:06</span>
            <a href="https://www.kics.io/" target="_blank" rel="noopener">KICS.IO</a>
        </div>
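        <!-- Scan metadata: scanner version, scanned paths, platforms, start and end time.
             Every field has its own document-unique id so it can be selected unambiguously. -->
        <div class="run-info"><span style="flex-basis:100%" id="scan-version"><strong>KICS 1.5.1</strong></span>
            <span style="flex-basis:100%" id="scan-paths"><strong>Scanned paths:</strong> .</span>
            <span style="flex-basis:100%" id="scan-platforms"><strong>Platforms:</strong> Dockerfile, Common,
                Kubernetes</span><span id="scan-start-time"><strong>Start time:</strong> 22:06:01, Apr 23 2022</span>
            <span id="scan-end-time"><strong>End time:</strong> 22:06:06, Apr 23 2022</span>
        </div>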
        <h2 style="margin-top:41px" class="kics-orange">Vulnerabilities:</h2>
        <!-- Severity counters. Each .severity tile shows an icon, a count badge and a caption,
             and calls filter() (defined in the head script) with its severity name when clicked.
             NOTE(review): the tiles are plain divs with inline onclick handlers, so they cannot be
             reached or activated from the keyboard, and they (like the inline head script) only
             run where the page's Content Security Policy permits inline script. If this report is
             served under a strict policy, the filter will not work. -->
        <div class="counters">
            <!-- HIGH findings -->
            <div class="severity" onclick="filter('HIGH')">
                <div class="kics-orange icon"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24"
                        height="24px" viewBox="0 0 24 24" width="24px" fill="#000000">
                        <g>
                            <path d="M0,0h24v24H0V0z" fill="none" />
                        </g>
                        <g>
                            <path
                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M13,16h-2v-2h2V16z M13,12h-2V7h2V12z" />
                        </g>
                    </svg></div><span class="badge" id="severity-count-high">29</span>
                <span class="caption">HIGH</span>
            </div>
            <!-- MEDIUM findings -->
            <div class="severity" onclick="filter('MEDIUM')">
                <div class="kics-orange icon"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24"
                        height="24px" viewBox="0 0 24 24" width="24px" fill="#000000">
                        <g>
                            <path d="M0,0h24v24H0V0z" fill="none" />
                        </g>
                        <g>
                            <g>
                                <path
                                    d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                <rect height="2" width="2" x="11" y="14" />
                                <rect height="5" width="2" x="11" y="7" />
                            </g>
                        </g>
                    </svg></div><span class="badge" id="severity-count-medium">142</span>
                <span class="caption">MEDIUM</span>
            </div>
            <!-- LOW findings -->
            <div class="severity" onclick="filter('LOW')">
                <div class="kics-purple icon"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24"
                        height="24px" viewBox="0 0 24 24" width="24px" fill="#000000">
                        <g>
                            <path d="M0,0h24v24H0V0z" fill="none" />
                        </g>
                        <g>
                            <g>
                                <path
                                    d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                <rect height="2" width="2" x="11" y="14" />
                                <rect height="5" width="2" x="11" y="7" />
                            </g>
                        </g>
                    </svg></div><span class="badge" id="severity-count-low">91</span>
                <span class="caption">LOW</span>
            </div>
            <!-- INFO findings -->
            <div class="severity" onclick="filter('INFO')">
                <div class="kics-purple icon"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24"
                        height="24px" viewBox="0 0 24 24" width="24px" fill="#000000">
                        <g>
                            <rect fill="none" height="24" width="24" />
                        </g>
                        <g>
                            <g />
                            <g>
                                <path
                                    d="M21,5l-9-4L3,5v6c0,5.55,3.84,10.74,9,12c2.3-0.56,4.33-1.9,5.88-3.71l-3.12-3.12c-1.94,1.29-4.58,1.07-6.29-0.64 c-1.95-1.95-1.95-5.12,0-7.07c1.95-1.95,5.12-1.95,7.07,0c1.71,1.71,1.92,4.35,0.64,6.29l2.9,2.9C20.29,15.69,21,13.38,21,11V5z" />
                                <circle cx="12" cy="12" r="3" />
                            </g>
                        </g>
                    </svg></div><span class="badge" id="severity-count-info">3</span>
                <span class="caption">INFO</span>
            </div>
            <!-- TOTAL clears the filter; its caption starts out selected. 29 + 142 + 91 + 3 = 265. -->
            <div class="severity" onclick="filter('TOTAL')">
                <div class="kics-orange icon"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24"
                        height="24px" viewBox="0 0 24 24" width="24px" fill="#000000">
                        <g>
                            <rect fill="none" height="24" width="24" />
                        </g>
                        <g>
                            <g />
                            <g>
                                <path
                                    d="M21,5l-9-4L3,5v6c0,5.55,3.84,10.74,9,12c2.3-0.56,4.33-1.9,5.88-3.71l-3.12-3.12c-1.94,1.29-4.58,1.07-6.29-0.64 c-1.95-1.95-1.95-5.12,0-7.07c1.95-1.95,5.12-1.95,7.07,0c1.71,1.71,1.92,4.35,0.64,6.29l2.9,2.9C20.29,15.69,21,13.38,21,11V5z" />
                                <circle cx="12" cy="12" r="3" />
                            </g>
                        </g>
                    </svg></div><span class="badge" id="severity-count-total">265</span>
                <span class="caption selected">TOTAL</span>
            </div>
        </div>
        <div data-type="severity" data-name="HIGH">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <path
                                            d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M13,16h-2v-2h2V16z M13,12h-2V7h2V12z" />
                                    </g>
                                </svg></div><span class="query-name">Missing User Instruction</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Dockerfile</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Build Process</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">A user should be specified in the
                            dockerfile, otherwise the image will run as root</span><span><a
                                href="https://docs.docker.com/engine/reference/builder/#user" rel="noopener"
                                target="_blank">https://docs.docker.com/engine/reference/builder/#user</a></span></div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-high">15</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/cache-store/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> The 'Dockerfile' contains
                                the 'USER' instruction</span>
                            <span><strong>Found:</strong> The 'Dockerfile' does not contain any 'USER'
                                instruction</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    redis:6-alpine</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/hunger-check/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> The 'Dockerfile' contains
                                the 'USER' instruction</span>
                            <span><strong>Found:</strong> The 'Dockerfile' does not contain any 'USER'
                                instruction</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    ubuntu:18.04</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/internal-api/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> The 'Dockerfile' contains
                                the 'USER' instruction</span>
                            <span><strong>Found:</strong> The 'Dockerfile' does not contain any 'USER'
                                instruction</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    node:alpine</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/k8s-goat-home/Dockerfile</strong>
                            <span>Line 18</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> The 'Dockerfile' contains
                                the 'USER' instruction</span>
                            <span><strong>Found:</strong> The 'Dockerfile' does not contain any 'USER'
                                instruction</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">17</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">18</span><span
                                    class="code">FROM nginx:alpine</span></div>
                            <div class="code-line"><span class="code-line-counter">19</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/info-app/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> The 'Dockerfile' contains
                                the 'USER' instruction</span>
                            <span><strong>Found:</strong> The 'Dockerfile' does not contain any 'USER'
                                instruction</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    python:alpine</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/hidden-in-layers/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> The 'Dockerfile' contains
                                the 'USER' instruction</span>
                            <span><strong>Found:</strong> The 'Dockerfile' does not contain any 'USER'
                                instruction</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    alpine:latest</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code"></span>
                            </div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code">LABEL
                                    MAINTAINER "Madhu Akula" INFO="Kubernetes Goat"</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/users-repos/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> The 'Dockerfile' contains
                                the 'USER' instruction</span>
                            <span><strong>Found:</strong> The 'Dockerfile' does not contain any 'USER'
                                instruction</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    python:alpine</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/health-check/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> The 'Dockerfile' contains
                                the 'USER' instruction</span>
                            <span><strong>Found:</strong> The 'Dockerfile' does not contain any 'USER'
                                instruction</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    golang:buster</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/helm-tiller/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> The 'Dockerfile' contains
                                the 'USER' instruction</span>
                            <span><strong>Found:</strong> The 'Dockerfile' does not contain any 'USER'
                                instruction</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    debian:stable</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER "Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/k8s-goat-home/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> The 'Dockerfile' contains
                                the 'USER' instruction</span>
                            <span><strong>Found:</strong> The 'Dockerfile' does not contain any 'USER'
                                instruction</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    alpine as build</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/build-code/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> The 'Dockerfile' contains
                                the 'USER' instruction</span>
                            <span><strong>Found:</strong> The 'Dockerfile' does not contain any 'USER'
                                instruction</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    alpine:latest</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/poor-registry/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> The 'Dockerfile' contains
                                the 'USER' instruction</span>
                            <span><strong>Found:</strong> The 'Dockerfile' does not contain any 'USER'
                                instruction</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    registry:2</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <!-- Reviewer note: each Dockerfile below has no USER instruction, so the container
                         process runs as the base image's default user (root for most stock images;
                         confirm per image). The usual fix is to create an unprivileged account in the
                         build and add a USER line before the entrypoint. The flagged FROM lines also
                         use floating tags (alpine:latest, golang:alpine), so rebuilds are not
                         reproducible; pinning by digest closes that gap. Check whether ubuntu:18.04
                         still receives security updates. The INFO label names Kubernetes Goat, a
                         deliberately vulnerable training environment, so these findings are probably
                         intentional; confirm before filing them as defects. -->
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/system-monitor/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> The 'Dockerfile' contains
                                the 'USER' instruction</span>
                            <span><strong>Found:</strong> The 'Dockerfile' does not contain any 'USER'
                                instruction</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    ubuntu:18.04</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/batch-check/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> The 'Dockerfile' contains
                                the 'USER' instruction</span>
                            <span><strong>Found:</strong> The 'Dockerfile' does not contain any 'USER'
                                instruction</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    alpine:latest</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/metadata-db/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> The 'Dockerfile' contains
                                the 'USER' instruction</span>
                            <span><strong>Found:</strong> The 'Dockerfile' does not contain any 'USER'
                                instruction</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    golang:alpine</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="HIGH">
            <!-- Reviewer note: both results below quote the flagged value in full, so this report
                 file is as sensitive as the manifest it scanned; restrict who can read the
                 artifact and avoid publishing it from CI. The values sit under a `data:` key and
                 look base64 encoded, which is a reversible encoding and not encryption.
                 Remediation: rotate both keys, purge them from version control history, and
                 supply them at deploy time from a secret store instead of committing them. -->
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <path
                                            d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M13,16h-2v-2h2V16z M13,12h-2V7h2V12z" />
                                    </g>
                                </svg></div><span class="query-name">Passwords And Secrets - Generic API Key</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Common</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Secret
                                Management</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">Query to find passwords and secrets
                            in infrastructure code.</span><span><a href="https://kics.io/" rel="noopener"
                                target="_blank">https://kics.io/</a></span></div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-high">2</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/hunger-check/deployment.yaml</strong>
                            <span>Line 53</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Hardcoded secret key
                                should not appear in source</span>
                            <span><strong>Found:</strong> ' k8swebhookapikey:
                                azhzLWdvYXQtZGZjZjYzMDUzOTU1M2VjZjk1ODZmZGZkYTE5NjhmZWM=' contains a secret</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">52</span><span
                                    class="code">data:</span></div>
                            <div class="code-line error"><span class="code-line-counter">53</span><span class="code">
                                    k8swebhookapikey: azhzLWdvYXQtZGZjZjYzMDUzOTU1M2VjZjk1ODZmZGZkYTE5NjhmZWM=</span>
                            </div>
                            <div class="code-line"><span class="code-line-counter">54</span><span
                                    class="code">---</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/hunger-check/deployment.yaml</strong>
                            <span>Line 44</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Hardcoded secret key
                                should not appear in source</span>
                            <span><strong>Found:</strong> ' k8svaultapikey:
                                azhzLWdvYXQtODUwNTc4NDZhODA0NmEyNWIzNWYzOGYzYTI2NDlkY2U=' contains a secret</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">43</span><span
                                    class="code">data:</span></div>
                            <div class="code-line error"><span class="code-line-counter">44</span><span class="code">
                                    k8svaultapikey: azhzLWdvYXQtODUwNTc4NDZhODA0NmEyNWIzNWYzOGYzYTI2NDlkY2U=</span>
                            </div>
                            <div class="code-line"><span class="code-line-counter">45</span><span
                                    class="code">---</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="HIGH">
            <!-- Reviewer note: every snippet in this result set also shows `privileged: true`.
                 Kubernetes treats allowPrivilegeEscalation as always true for a privileged
                 container, and the API server rejects `allowPrivilegeEscalation: false` combined
                 with `privileged: true`, so setting the flag alone does not clear these findings.
                 The fix is to drop `privileged: true`, grant only the specific capabilities the
                 workload needs, and then set `allowPrivilegeEscalation: false`. Where the scanner
                 reports "Expected: ... is set", the intended value is false. -->
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <path
                                            d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M13,16h-2v-2h2V16z M13,12h-2V7h2V12z" />
                                    </g>
                                </svg></div><span class="query-name">Privilege Escalation Allowed</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Insecure
                                Configurations</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">Containers should not run with
                            allowPrivilegeEscalation in order to prevent them from gaining more privileges than their
                            parent process</span><span><a
                                href="https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
                                rel="noopener"
                                target="_blank">https://kubernetes.io/docs/tasks/configure-pod-container/security-context/</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-high">4</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 44</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers[docker-bench].securityContext.allowPrivilegeEscalation is
                                set</span>
                            <span><strong>Found:</strong>
                                spec.template.spec.containers[docker-bench].securityContext.allowPrivilegeEscalation is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">43</span><span class="code"> memory:
                                    80Mi</span></div>
                            <div class="code-line error"><span class="code-line-counter">44</span><span class="code">
                                    securityContext:</span></div>
                            <div class="code-line"><span class="code-line-counter">45</span><span class="code">
                                    privileged: true</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment.yaml</strong>
                            <span>Line 24</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers[health-check].securityContext.allowPrivilegeEscalation is
                                set</span>
                            <span><strong>Found:</strong>
                                spec.template.spec.containers[health-check].securityContext.allowPrivilegeEscalation is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">23</span><span class="code"> # Custom
                                    Stuff</span></div>
                            <div class="code-line error"><span class="code-line-counter">24</span><span class="code">
                                    securityContext:</span></div>
                            <div class="code-line"><span class="code-line-counter">25</span><span class="code">
                                    privileged: true</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment-kind.yaml</strong>
                            <span>Line 24</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers[health-check].securityContext.allowPrivilegeEscalation is
                                set</span>
                            <span><strong>Found:</strong>
                                spec.template.spec.containers[health-check].securityContext.allowPrivilegeEscalation is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">23</span><span class="code"> # Custom
                                    Stuff</span></div>
                            <div class="code-line error"><span class="code-line-counter">24</span><span class="code">
                                    securityContext:</span></div>
                            <div class="code-line"><span class="code-line-counter">25</span><span class="code">
                                    privileged: true</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/system-monitor/deployment.yaml</strong>
                            <span>Line 38</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers[system-monitor].securityContext.allowPrivilegeEscalation
                                is false</span>
                            <span><strong>Found:</strong>
                                spec.template.spec.containers[system-monitor].securityContext.allowPrivilegeEscalation
                                is true</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">37</span><span class="code">
                                    securityContext:</span></div>
                            <div class="code-line error"><span class="code-line-counter">38</span><span class="code">
                                    allowPrivilegeEscalation: true</span></div>
                            <div class="code-line"><span class="code-line-counter">39</span><span class="code">
                                    privileged: true</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="HIGH">
            <!-- Reviewer note: hostIPC places the pod in the node's IPC namespace, so its
                 containers can see the System V IPC objects and POSIX shared memory used by host
                 processes. Both flagged manifests also set hostPID and hostNetwork (visible in
                 the neighbouring snippet lines), so node isolation is removed on three axes at
                 once and the settings should be reviewed together. The reference link points to
                 PodSecurityPolicy, which was removed in Kubernetes v1.25; on current clusters
                 enforce this with Pod Security Admission, whose Baseline profile forbids host
                 namespaces. -->
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <path
                                            d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M13,16h-2v-2h2V16z M13,12h-2V7h2V12z" />
                                    </g>
                                </svg></div><span class="query-name">Shared Host IPC Namespace</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Insecure
                                Configurations</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">Container should not share the host
                            IPC namespace</span><span><a
                                href="https://kubernetes.io/docs/concepts/policy/pod-security-policy/" rel="noopener"
                                target="_blank">https://kubernetes.io/docs/concepts/policy/pod-security-policy/</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-high">2</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 28</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.hostIPC' is false or undefined</span>
                            <span><strong>Found:</strong> 'spec.template.spec.hostIPC' is true</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">27</span><span class="code"> hostPID:
                                    true</span></div>
                            <div class="code-line error"><span class="code-line-counter">28</span><span class="code">
                                    hostIPC: true</span></div>
                            <div class="code-line"><span class="code-line-counter">29</span><span class="code">
                                    hostNetwork: true</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/system-monitor/deployment.yaml</strong>
                            <span>Line 24</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.hostIPC' is false or undefined</span>
                            <span><strong>Found:</strong> 'spec.template.spec.hostIPC' is true</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">23</span><span class="code"> hostPID:
                                    true</span></div>
                            <div class="code-line error"><span class="code-line-counter">24</span><span class="code">
                                    hostIPC: true</span></div>
                            <div class="code-line"><span class="code-line-counter">25</span><span class="code">
                                    hostNetwork: true</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="HIGH">
            <!-- Reviewer note: hostNetwork runs the pod in the node's network namespace, so it
                 shares the node's interfaces and can reach services bound to the node's loopback
                 address; NetworkPolicy enforcement typically does not cover such pods (confirm
                 for the CNI plugin in use). Both flagged manifests also set hostIPC in the
                 preceding line. The reference link points to PodSecurityPolicy, which was
                 removed in Kubernetes v1.25; on current clusters enforce this with Pod Security
                 Admission, whose Baseline profile forbids host namespaces. -->
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <path
                                            d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M13,16h-2v-2h2V16z M13,12h-2V7h2V12z" />
                                    </g>
                                </svg></div><span class="query-name">Shared Host Network Namespace</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Insecure
                                Configurations</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">Container should not share the host
                            network namespace</span><span><a
                                href="https://kubernetes.io/docs/concepts/policy/pod-security-policy/" rel="noopener"
                                target="_blank">https://kubernetes.io/docs/concepts/policy/pod-security-policy/</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-high">2</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 29</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.hostNetwork' is false or undefined</span>
                            <span><strong>Found:</strong> 'spec.template.spec.hostNetwork' is true</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">28</span><span class="code"> hostIPC:
                                    true</span></div>
                            <div class="code-line error"><span class="code-line-counter">29</span><span class="code">
                                    hostNetwork: true</span></div>
                            <div class="code-line"><span class="code-line-counter">30</span><span class="code">
                                    securityContext:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/system-monitor/deployment.yaml</strong>
                            <span>Line 25</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.hostNetwork' is false or undefined</span>
                            <span><strong>Found:</strong> 'spec.template.spec.hostNetwork' is true</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">24</span><span class="code"> hostIPC:
                                    true</span></div>
                            <div class="code-line error"><span class="code-line-counter">25</span><span class="code">
                                    hostNetwork: true</span></div>
                            <div class="code-line"><span class="code-line-counter">26</span><span class="code">
                                    volumes:</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="HIGH">
            <!-- Reviewer note: hostPID places the pod in the node's process ID namespace, so
                 every process on the node becomes visible to its containers, including command
                 lines and, subject to permissions, per-process data under /proc. The kube-bench
                 and docker-bench file names suggest audit jobs that may need this visibility by
                 design (confirm with the owner); if so, record them as scoped exceptions rather
                 than leaving the finding open. The reference link points to PodSecurityPolicy,
                 which was removed in Kubernetes v1.25; on current clusters enforce this with Pod
                 Security Admission, whose Baseline profile forbids host namespaces. -->
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <path
                                            d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M13,16h-2v-2h2V16z M13,12h-2V7h2V12z" />
                                    </g>
                                </svg></div><span class="query-name">Shared Host PID Namespace</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Insecure
                                Configurations</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">Container should not share the host
                            process ID namespace</span><span><a
                                href="https://kubernetes.io/docs/concepts/policy/pod-security-policy/" rel="noopener"
                                target="_blank">https://kubernetes.io/docs/concepts/policy/pod-security-policy/</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-high">4</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/node-job.yaml</strong>
                            <span>Line 9</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.hostPID' is false or undefined</span>
                            <span><strong>Found:</strong> 'spec.template.spec.hostPID' is true</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">8</span><span class="code">
                                    spec:</span></div>
                            <div class="code-line error"><span class="code-line-counter">9</span><span class="code">
                                    hostPID: true</span></div>
                            <div class="code-line"><span class="code-line-counter">10</span><span class="code">
                                    containers:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/system-monitor/deployment.yaml</strong>
                            <span>Line 23</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.hostPID' is false or undefined</span>
                            <span><strong>Found:</strong> 'spec.template.spec.hostPID' is true</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">22</span><span class="code">
                                    spec:</span></div>
                            <div class="code-line error"><span class="code-line-counter">23</span><span class="code">
                                    hostPID: true</span></div>
                            <div class="code-line"><span class="code-line-counter">24</span><span class="code"> hostIPC:
                                    true</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 27</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.hostPID' is false or undefined</span>
                            <span><strong>Found:</strong> 'spec.template.spec.hostPID' is true</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">26</span><span class="code">
                                    spec:</span></div>
                            <div class="code-line error"><span class="code-line-counter">27</span><span class="code">
                                    hostPID: true</span></div>
                            <div class="code-line"><span class="code-line-counter">28</span><span class="code"> hostIPC:
                                    true</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/master-job.yaml</strong>
                            <span>Line 9</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.hostPID' is false or undefined</span>
                            <span><strong>Found:</strong> 'spec.template.spec.hostPID' is true</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">8</span><span class="code">
                                    spec:</span></div>
                            <div class="code-line error"><span class="code-line-counter">9</span><span class="code">
                                    hostPID: true</span></div>
                            <div class="code-line"><span class="code-line-counter">10</span><span class="code">
                                    nodeSelector:</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="MEDIUM">
            <!-- Review note: the four results in this group all point at line 4 of
                 infrastructure/system-monitor/Dockerfile. The scanner reports once per
                 unpinned package (wget, htop, libcap2-bin, curl), so editing that one RUN
                 instruction clears the whole group. The apt form is package=version for each
                 name. Pinning only makes builds repeatable if the base image is pinned as
                 well, and pinned versions must be raised deliberately when security updates
                 ship, otherwise the image keeps a package with known flaws. -->
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Apt Get Install Pin Version Not Defined</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Dockerfile</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Supply-Chain</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">When installing a package, its pin
                            version should be defined</span><span><a
                                href="https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"
                                rel="noopener"
                                target="_blank">https://docs.docker.com/develop/develop-images/dockerfile_best-practices/</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-medium">4</span>)</summary>
                    <div class="vulnerable-info">
                        <!-- The marked line 4 is where the RUN instruction starts; wget itself is
                             on continuation line 5 shown below. -->
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/system-monitor/Dockerfile</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Package 'wget' has version
                                defined</span>
                            <span><strong>Found:</strong> Package 'wget' does not have version defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">RUN
                                    apt-get update && apt-get install -y htop \</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span class="code">
                                    libcap2-bin curl wget && \</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/system-monitor/Dockerfile</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Package 'htop' has version
                                defined</span>
                            <span><strong>Found:</strong> Package 'htop' does not have version defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">RUN
                                    apt-get update && apt-get install -y htop \</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span class="code">
                                    libcap2-bin curl wget && \</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/system-monitor/Dockerfile</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Package 'libcap2-bin' has
                                version defined</span>
                            <span><strong>Found:</strong> Package 'libcap2-bin' does not have version defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">RUN
                                    apt-get update && apt-get install -y htop \</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span class="code">
                                    libcap2-bin curl wget && \</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/system-monitor/Dockerfile</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Package 'curl' has version
                                defined</span>
                            <span><strong>Found:</strong> Package 'curl' does not have version defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">RUN
                                    apt-get update && apt-get install -y htop \</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span class="code">
                                    libcap2-bin curl wget && \</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="MEDIUM">
            <!-- Review note: every result in this group reads "doesn't have resources
                 defined", meaning the container has no resources block at all. The same six
                 file and line pairs are listed again under "CPU Requests Not Set" in this
                 report, so one resources block with both requests and limits per container
                 resolves both groups. Without a CPU limit a container may take any idle CPU on
                 its node, which is an availability risk for the workloads it shares the node
                 with. The image names (madhuakula/k8s-goat-...) suggest the scanned repository
                 is a deliberately insecure training environment (TODO confirm); if so, these
                 results describe intended lab conditions, not a template for production. -->
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">CPU Limits Not Set</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Resource
                                Management</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">CPU limits should be set because if
                            the system has CPU time free, a container is guaranteed to be allocated as much CPU as it
                            requests</span><span><a
                                href="https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
                                rel="noopener"
                                target="_blank">https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-medium">6</span>)</summary>
                    <div class="vulnerable-info">
                        <!-- Context line 18 shows the image tag :latest. A mutable tag lets the
                             job run different code after each pull; whether this report flags
                             that separately is not visible in this section. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/master-job.yaml</strong>
                            <span>Line 17</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=kube-bench has resources defined</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=kube-bench doesn't have
                                resources defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">17</span><span class="code"> -
                                    name: kube-bench</span></div>
                            <div class="code-line"><span class="code-line-counter">18</span><span class="code"> image:
                                    aquasec/kube-bench:latest</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/cache-store/deployment.yaml</strong>
                            <span>Line 36</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=cache-store has resources defined</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=cache-store doesn't have
                                resources defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">35</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">36</span><span class="code"> -
                                    name: cache-store</span></div>
                            <div class="code-line"><span class="code-line-counter">37</span><span class="code"> image:
                                    madhuakula/k8s-goat-cache-store</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/batch-check/job.yaml</strong>
                            <span>Line 11</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=batch-check has resources defined</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=batch-check doesn't have
                                resources defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">10</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">11</span><span class="code"> -
                                    name: batch-check</span></div>
                            <div class="code-line"><span class="code-line-counter">12</span><span class="code"> image:
                                    madhuakula/k8s-goat-batch-check</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Context line 12 shows the image tag :latest. A mutable tag lets the
                             job run different code after each pull; whether this report flags
                             that separately is not visible in this section. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/node-job.yaml</strong>
                            <span>Line 11</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=kube-bench has resources defined</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=kube-bench doesn't have
                                resources defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">10</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">11</span><span class="code"> -
                                    name: kube-bench</span></div>
                            <div class="code-line"><span class="code-line-counter">12</span><span class="code"> image:
                                    aquasec/kube-bench:latest</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/hidden-in-layers/deployment.yaml</strong>
                            <span>Line 11</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=hidden-in-layers has resources defined</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=hidden-in-layers doesn't
                                have resources defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">10</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">11</span><span class="code"> -
                                    name: hidden-in-layers</span></div>
                            <div class="code-line"><span class="code-line-counter">12</span><span class="code"> image:
                                    madhuakula/k8s-goat-hidden-in-layers</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/hunger-check/deployment.yaml</strong>
                            <span>Line 71</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=hunger-check has resources defined</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=hunger-check doesn't have
                                resources defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">70</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">71</span><span class="code"> -
                                    name: hunger-check</span></div>
                            <div class="code-line"><span class="code-line-counter">72</span><span class="code"> image:
                                    madhuakula/k8s-goat-hunger-check</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="MEDIUM">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <!-- Review note: results under this heading come in two forms. "doesn't have
                         resources defined" means the container has no resources block.
                         "resources doesn't have requests defined" means a resources block exists
                         (the snippets show limits:) but carries no requests. In the second case
                         Kubernetes normally copies a limit into the request when none is given,
                         so check which resources the limits cover before sizing nodes. The link
                         below ends in a bare "#", so it opens the top of the page, not a section. -->
                    <div class="query-title">
                        <h2>
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">CPU Requests Not Set</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Resource
                                Management</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">CPU requests should be set to
                            ensure the sum of the resource requests of the scheduled Containers is less than the
                            capacity of the node</span><span><a
                                href="https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#"
                                rel="noopener"
                                target="_blank">https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-medium">12</span>)</summary>
                    <div class="vulnerable-info">
                        <!-- Review note: no resources block on this container. The same file and
                             line also appears under "CPU Limits Not Set" in this report; a single
                             resources block with both requests and limits resolves both results. -->
                        <div class="vulnerable-info-header"><strong>File: scenarios/batch-check/job.yaml</strong>
                            <span>Line 11</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=batch-check does have resources defined</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=batch-check doesn't have
                                resources defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">10</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">11</span><span class="code"> -
                                    name: batch-check</span></div>
                            <div class="code-line"><span class="code-line-counter">12</span><span class="code"> image:
                                    madhuakula/k8s-goat-batch-check</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Review note: no resources block on this container. The same file and
                             line also appears under "CPU Limits Not Set" in this report; a single
                             resources block with both requests and limits resolves both results. -->
                        <div class="vulnerable-info-header"><strong>File: scenarios/cache-store/deployment.yaml</strong>
                            <span>Line 36</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=cache-store does have resources defined</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=cache-store doesn't have
                                resources defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">35</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">36</span><span class="code"> -
                                    name: cache-store</span></div>
                            <div class="code-line"><span class="code-line-counter">37</span><span class="code"> image:
                                    madhuakula/k8s-goat-cache-store</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Review note: no resources block on this container. The same file and
                             line also appears under "CPU Limits Not Set" in this report; a single
                             resources block with both requests and limits resolves both results.
                             Context line 18 also shows the mutable image tag :latest. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/master-job.yaml</strong>
                            <span>Line 17</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=kube-bench does have resources defined</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=kube-bench doesn't have
                                resources defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">17</span><span class="code"> -
                                    name: kube-bench</span></div>
                            <div class="code-line"><span class="code-line-counter">18</span><span class="code"> image:
                                    aquasec/kube-bench:latest</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Review note: a resources block exists here (limits: follows on line 18)
                             but it has no requests. Check whether the limits include cpu: if they
                             do, Kubernetes normally uses that limit as the request when none is
                             given, so declare the request explicitly to make the intent visible. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kubernetes-goat-home/deployment.yaml</strong>
                            <span>Line 17</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=kubernetes-goat-home.resources does have requests
                                defined</span>
                            <span><strong>Found:</strong>
                                spec.template.spec.containers.name=kubernetes-goat-home.resources doesn't have requests
                                defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code"> image:
                                    madhuakula/k8s-goat-home</span></div>
                            <div class="code-line error"><span class="code-line-counter">17</span><span class="code">
                                    resources:</span></div>
                            <div class="code-line"><span class="code-line-counter">18</span><span class="code">
                                    limits:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Review note: a resources block exists here (limits: follows on line 18)
                             but it has no requests. Check whether the limits include cpu: if they
                             do, Kubernetes normally uses that limit as the request when none is
                             given, so declare the request explicitly to make the intent visible. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment.yaml</strong>
                            <span>Line 17</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=health-check.resources does have requests
                                defined</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=health-check.resources
                                doesn't have requests defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code"> image:
                                    madhuakula/k8s-goat-health-check</span></div>
                            <div class="code-line error"><span class="code-line-counter">17</span><span class="code">
                                    resources:</span></div>
                            <div class="code-line"><span class="code-line-counter">18</span><span class="code">
                                    limits:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Review note: no resources block on this container. The same file and
                             line also appears under "CPU Limits Not Set" in this report; a single
                             resources block with both requests and limits resolves both results. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/hunger-check/deployment.yaml</strong>
                            <span>Line 71</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=hunger-check does have resources defined</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=hunger-check doesn't have
                                resources defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">70</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">71</span><span class="code"> -
                                    name: hunger-check</span></div>
                            <div class="code-line"><span class="code-line-counter">72</span><span class="code"> image:
                                    madhuakula/k8s-goat-hunger-check</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Review note: no resources block on this container. The same file and
                             line also appears under "CPU Limits Not Set" in this report; a single
                             resources block with both requests and limits resolves both results.
                             Context line 12 also shows the mutable image tag :latest. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/node-job.yaml</strong>
                            <span>Line 11</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=kube-bench does have resources defined</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=kube-bench doesn't have
                                resources defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">10</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">11</span><span class="code"> -
                                    name: kube-bench</span></div>
                            <div class="code-line"><span class="code-line-counter">12</span><span class="code"> image:
                                    aquasec/kube-bench:latest</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Review note: a resources block exists here (limits: follows on line 18)
                             but it has no requests. Check whether the limits include cpu: if they
                             do, Kubernetes normally uses that limit as the request when none is
                             given, so declare the request explicitly to make the intent visible. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment-kind.yaml</strong>
                            <span>Line 17</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=health-check.resources does have requests
                                defined</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=health-check.resources
                                doesn't have requests defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code"> image:
                                    madhuakula/k8s-goat-health-check</span></div>
                            <div class="code-line error"><span class="code-line-counter">17</span><span class="code">
                                    resources:</span></div>
                            <div class="code-line"><span class="code-line-counter">18</span><span class="code">
                                    limits:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Review note: no resources block on this container. The same file and
                             line also appears under "CPU Limits Not Set" in this report; a single
                             resources block with both requests and limits resolves both results. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/hidden-in-layers/deployment.yaml</strong>
                            <span>Line 11</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=hidden-in-layers does have resources defined</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=hidden-in-layers doesn't
                                have resources defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">10</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">11</span><span class="code"> -
                                    name: hidden-in-layers</span></div>
                            <div class="code-line"><span class="code-line-counter">12</span><span class="code"> image:
                                    madhuakula/k8s-goat-hidden-in-layers</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/build-code/deployment.yaml</strong>
                            <span>Line 17</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=build-code.resources does have requests
                                defined</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=build-code.resources
                                doesn't have requests defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code"> image:
                                    madhuakula/k8s-goat-build-code</span></div>
                            <div class="code-line error"><span class="code-line-counter">17</span><span class="code">
                                    resources:</span></div>
                            <div class="code-line"><span class="code-line-counter">18</span><span class="code">
                                    limits:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/poor-registry/deployment.yaml</strong>
                            <span>Line 17</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=poor-registry.resources does have requests
                                defined</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=poor-registry.resources
                                doesn't have requests defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code"> image:
                                    madhuakula/k8s-goat-poor-registry</span></div>
                            <div class="code-line error"><span class="code-line-counter">17</span><span class="code">
                                    resources:</span></div>
                            <div class="code-line"><span class="code-line-counter">18</span><span class="code">
                                    limits:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/system-monitor/deployment.yaml</strong>
                            <span>Line 33</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=system-monitor.resources does have requests
                                defined</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=system-monitor.resources
                                doesn't have requests defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">32</span><span class="code"> image:
                                    madhuakula/k8s-goat-system-monitor</span></div>
                            <div class="code-line error"><span class="code-line-counter">33</span><span class="code">
                                    resources:</span></div>
                            <div class="code-line"><span class="code-line-counter">34</span><span class="code">
                                    limits:</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="MEDIUM">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Container Running With Low UID</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Best Practices</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">Check if containers are running
                            with a low UID, which might cause conflicts with the host's user table.</span><span><a
                                href="https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
                                rel="noopener"
                                target="_blank">https://kubernetes.io/docs/tasks/configure-pod-container/security-context/</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-medium">5</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/system-monitor/deployment.yaml</strong>
                            <span>Line 37</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.securityContext.runAsUser should be defined</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.securityContext.runAsUser is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">36</span><span class="code"> cpu:
                                    "20m"</span></div>
                            <div class="code-line error"><span class="code-line-counter">37</span><span class="code">
                                    securityContext:</span></div>
                            <div class="code-line"><span class="code-line-counter">38</span><span class="code">
                                    allowPrivilegeEscalation: true</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 31</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.securityContext.runAsUser should not be a low UID</span>
                            <span><strong>Found:</strong> spec.template.spec.securityContext.runAsUser is a low
                                UID (0, the root user)</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">30</span><span class="code">
                                    securityContext:</span></div>
                            <div class="code-line error"><span class="code-line-counter">31</span><span class="code">
                                    runAsUser: 0</span></div>
                            <div class="code-line"><span class="code-line-counter">32</span><span class="code">
                                    containers:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 44</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.securityContext.runAsUser should be defined</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.securityContext.runAsUser is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">43</span><span class="code"> memory:
                                    80Mi</span></div>
                            <div class="code-line error"><span class="code-line-counter">44</span><span class="code">
                                    securityContext:</span></div>
                            <div class="code-line"><span class="code-line-counter">45</span><span class="code">
                                    privileged: true</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment-kind.yaml</strong>
                            <span>Line 24</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.securityContext.runAsUser should be defined</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.securityContext.runAsUser is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">23</span><span class="code"> # Custom
                                    Stuff</span></div>
                            <div class="code-line error"><span class="code-line-counter">24</span><span class="code">
                                    securityContext:</span></div>
                            <div class="code-line"><span class="code-line-counter">25</span><span class="code">
                                    privileged: true</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment.yaml</strong>
                            <span>Line 24</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.securityContext.runAsUser should be defined</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.securityContext.runAsUser is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">23</span><span class="code"> # Custom
                                    Stuff</span></div>
                            <div class="code-line error"><span class="code-line-counter">24</span><span class="code">
                                    securityContext:</span></div>
                            <div class="code-line"><span class="code-line-counter">25</span><span class="code">
                                    privileged: true</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="MEDIUM">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Containers With Added Capabilities</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Insecure
                                Configurations</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">Containers should not have added
                            capabilities; each capability added beyond the runtime defaults widens what a compromised container can do.</span><span><a
                                href="https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
                                rel="noopener"
                                target="_blank">https://kubernetes.io/docs/tasks/configure-pod-container/security-context/</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-medium">1</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 47</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name={{docker-bench}} does not have added
                                capability</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name={{docker-bench}} has added
                                capability</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">46</span><span class="code">
                                    capabilities:</span></div>
                            <div class="code-line error"><span class="code-line-counter">47</span><span class="code">
                                    add: ["AUDIT_CONTROL"]</span></div>
                            <div class="code-line"><span class="code-line-counter">48</span><span class="code">
                                    volumeMounts:</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="MEDIUM">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Image Version Using 'latest'</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Dockerfile</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Supply-Chain</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">When building images, always tag
                            them with useful tags which codify version information, intended destination (prod or test,
                            for instance), stability, or other information that is useful when deploying the application
                            in different environments. Do not rely on the automatically created latest tag: it can
                            point to different image contents over time, so a rebuild may silently pick up a different
                            base image</span><span><a href="https://docs.docker.com/develop/dev-best-practices/" rel="noopener"
                                target="_blank">https://docs.docker.com/develop/dev-best-practices/</a></span></div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-medium">3</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/batch-check/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> FROM
                                alpine:'version' where version is not 'latest'</span>
                            <span><strong>Found:</strong> FROM alpine:latest</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    alpine:latest</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/hidden-in-layers/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> FROM
                                alpine:'version' where version is not 'latest'</span>
                            <span><strong>Found:</strong> FROM alpine:latest</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    alpine:latest</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code"></span>
                            </div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code">LABEL
                                    MAINTAINER "Madhu Akula" INFO="Kubernetes Goat"</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/build-code/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> FROM
                                alpine:'version' where version is not 'latest'</span>
                            <span><strong>Found:</strong> FROM alpine:latest</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    alpine:latest</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="MEDIUM">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Liveness Probe Is Not Defined</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Availability</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">Liveness Probe must be
                            defined so that the kubelet can restart a container that has stopped responding.</span><span><a
                                href="https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-tcp-liveness-probe"
                                rel="noopener"
                                target="_blank">https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-tcp-liveness-probe</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-medium">11</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/internal-proxy/deployment.yaml</strong>
                            <span>Line 17</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{internal-proxy-deployment}}.spec.containers.name={{internal-api}}.livenessProbe
                                is defined</span>
                            <span><strong>Found:</strong>
                                metadata.name={{internal-proxy-deployment}}.spec.containers.name={{internal-api}}.livenessProbe
                                is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">17</span><span class="code"> -
                                    name: internal-api</span></div>
                            <div class="code-line"><span class="code-line-counter">18</span><span class="code"> image:
                                    madhuakula/k8s-goat-internal-api</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kubernetes-goat-home/deployment.yaml</strong>
                            <span>Line 15</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{kubernetes-goat-home-deployment}}.spec.containers.name={{kubernetes-goat-home}}.livenessProbe
                                is defined</span>
                            <span><strong>Found:</strong>
                                metadata.name={{kubernetes-goat-home-deployment}}.spec.containers.name={{kubernetes-goat-home}}.livenessProbe
                                is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">14</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">15</span><span class="code"> -
                                    name: kubernetes-goat-home</span></div>
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code"> image:
                                    madhuakula/k8s-goat-home</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment-kind.yaml</strong>
                            <span>Line 15</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{health-check-deployment}}.spec.containers.name={{health-check}}.livenessProbe
                                is defined</span>
                            <span><strong>Found:</strong>
                                metadata.name={{health-check-deployment}}.spec.containers.name={{health-check}}.livenessProbe
                                is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">14</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">15</span><span class="code"> -
                                    name: health-check</span></div>
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code"> image:
                                    madhuakula/k8s-goat-health-check</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/build-code/deployment.yaml</strong>
                            <span>Line 15</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{build-code-deployment}}.spec.containers.name={{build-code}}.livenessProbe
                                is defined</span>
                            <span><strong>Found:</strong>
                                metadata.name={{build-code-deployment}}.spec.containers.name={{build-code}}.livenessProbe
                                is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">14</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">15</span><span class="code"> -
                                    name: build-code</span></div>
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code"> image:
                                    madhuakula/k8s-goat-build-code</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/internal-proxy/deployment.yaml</strong>
                            <span>Line 28</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{internal-proxy-deployment}}.spec.containers.name={{info-app}}.livenessProbe
                                is defined</span>
                            <span><strong>Found:</strong>
                                metadata.name={{internal-proxy-deployment}}.spec.containers.name={{info-app}}.livenessProbe
                                is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">27</span><span class="code"> -
                                    containerPort: 3000</span></div>
                            <div class="code-line error"><span class="code-line-counter">28</span><span class="code"> -
                                    name: info-app</span></div>
                            <div class="code-line"><span class="code-line-counter">29</span><span class="code"> image:
                                    madhuakula/k8s-goat-info-app</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment.yaml</strong>
                            <span>Line 15</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{health-check-deployment}}.spec.containers.name={{health-check}}.livenessProbe
                                is defined</span>
                            <span><strong>Found:</strong>
                                metadata.name={{health-check-deployment}}.spec.containers.name={{health-check}}.livenessProbe
                                is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">14</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">15</span><span class="code"> -
                                    name: health-check</span></div>
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code"> image:
                                    madhuakula/k8s-goat-health-check</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/hunger-check/deployment.yaml</strong>
                            <span>Line 71</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{hunger-check-deployment}}.spec.containers.name={{hunger-check}}.livenessProbe
                                is defined</span>
                            <span><strong>Found:</strong>
                                metadata.name={{hunger-check-deployment}}.spec.containers.name={{hunger-check}}.livenessProbe
                                is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">70</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">71</span><span class="code"> -
                                    name: hunger-check</span></div>
                            <div class="code-line"><span class="code-line-counter">72</span><span class="code"> image:
                                    madhuakula/k8s-goat-hunger-check</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/cache-store/deployment.yaml</strong>
                            <span>Line 36</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{cache-store-deployment}}.spec.containers.name={{cache-store}}.livenessProbe
                                is defined</span>
                            <span><strong>Found:</strong>
                                metadata.name={{cache-store-deployment}}.spec.containers.name={{cache-store}}.livenessProbe
                                is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">35</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">36</span><span class="code"> -
                                    name: cache-store</span></div>
                            <div class="code-line"><span class="code-line-counter">37</span><span class="code"> image:
                                    madhuakula/k8s-goat-cache-store</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/system-monitor/deployment.yaml</strong>
                            <span>Line 31</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{system-monitor-deployment}}.spec.containers.name={{system-monitor}}.livenessProbe
                                is defined</span>
                            <span><strong>Found:</strong>
                                metadata.name={{system-monitor-deployment}}.spec.containers.name={{system-monitor}}.livenessProbe
                                is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">30</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">31</span><span class="code"> -
                                    name: system-monitor</span></div>
                            <div class="code-line"><span class="code-line-counter">32</span><span class="code"> image:
                                    madhuakula/k8s-goat-system-monitor</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 33</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{docker-bench-security}}.spec.containers.name={{docker-bench}}.livenessProbe
                                is defined</span>
                            <span><strong>Found:</strong>
                                metadata.name={{docker-bench-security}}.spec.containers.name={{docker-bench}}.livenessProbe
                                is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">32</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">33</span><span class="code"> -
                                    name: docker-bench</span></div>
                            <div class="code-line"><span class="code-line-counter">34</span><span class="code"> image:
                                    madhuakula/hacker-container</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/poor-registry/deployment.yaml</strong>
                            <span>Line 15</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{poor-registry-deployment}}.spec.containers.name={{poor-registry}}.livenessProbe
                                is defined</span>
                            <span><strong>Found:</strong>
                                metadata.name={{poor-registry-deployment}}.spec.containers.name={{poor-registry}}.livenessProbe
                                is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">14</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">15</span><span class="code"> -
                                    name: poor-registry</span></div>
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code"> image:
                                    madhuakula/k8s-goat-poor-registry</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="MEDIUM">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">NPM Install Command Without Pinned Version</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Dockerfile</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Supply-Chain</span></span>
                    </div>
                    <!-- Reviewer note: the single result for this query flags a bare `npm install` with no
                         package arguments, so there is no name@version to pin on the RUN line itself. In
                         that form the resolved versions come from package.json and any lockfile in the
                         build context; neither file is shown in this report, so confirm that a lockfile
                         is committed and copied into the image. With a lockfile present, `npm ci`
                         installs exactly the locked versions and fails if the lockfile and package.json
                         disagree, which is the practical way to satisfy the intent of this check. -->
                    <div class="query-details"><span class="query-description-title">Check if packages installed by npm
                            are pinning a specific version.</span><span><a
                                href="https://docs.docker.com/engine/reference/builder/#run" rel="noopener"
                                target="_blank">https://docs.docker.com/engine/reference/builder/#run</a></span></div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-medium">1</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/internal-api/Dockerfile</strong>
                            <span>Line 8</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> 'RUN npm install && apk
                                add --no-cache curl' uses npm install with a pinned version</span>
                            <span><strong>Found:</strong> 'RUN npm install && apk add --no-cache curl' does not use npm
                                install with a pinned version</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">7</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">8</span><span class="code">RUN
                                    npm install \</span></div>
                            <div class="code-line"><span class="code-line-counter">9</span><span class="code"> && apk
                                    add --no-cache curl</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="MEDIUM">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Non Kube System Pod With Host Mount</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Access Control</span></span>
                    </div>
                    <!-- Reviewer note: a hostPath volume gives a pod direct access to files on the node it
                         runs on, outside the container's own filesystem, so the impact of each result
                         depends on which path is mounted and whether the mount is writable. The results
                         reviewed here all report namespace 'default'; the wording of this query suggests
                         it keys on the namespace, so moving a workload into kube-system would silence
                         the check without reducing the exposure. Where a host mount is genuinely needed,
                         use the narrowest path, a read-only volumeMount and a dedicated namespace; the
                         Pod Security Standards 'baseline' profile rejects hostPath volumes elsewhere.
                         NOTE(review): image names in this report (madhuakula/k8s-goat-*) suggest the
                         scanned repository is Kubernetes Goat, a deliberately vulnerable training
                         environment, so some mounts may be intentional. Confirm before triage. -->
                    <div class="query-details"><span class="query-description-title">A non kube-system workload should
                            not have hostPath mounted</span><span><a
                                href="https://kubernetes.io/docs/concepts/storage/volumes/" rel="noopener"
                                target="_blank">https://kubernetes.io/docs/concepts/storage/volumes/</a></span></div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-medium">17</span>)</summary>
                    <div class="vulnerable-info">
                        <!-- Reviewer note: /var/run/docker.sock is the Docker daemon's control socket. A
                             process that can reach it can drive the daemon API, which is generally treated
                             as equivalent to root on the node, so this is among the highest-impact paths
                             in this query. The same socket is reported for health-check-deployment in the
                             next two results. The resource name suggests a docker-bench audit DaemonSet
                             that reads the socket by design (inferred from the name, not shown here); an
                             ordinary application workload should not need this mount at all. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 91</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Resource name
                                'docker-bench-security' of kind 'DaemonSet' in a non kube-system namespace 'default'
                                should not have hostPath '/var/run/docker.sock' mounted</span>
                            <span><strong>Found:</strong> Resource name 'docker-bench-security' of kind 'DaemonSet' in a
                                non kube-system namespace 'default' has a hostPath '/var/run/docker.sock' mounted</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">90</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">91</span><span class="code">
                                    path: /var/run/docker.sock</span></div>
                            <div class="code-line"><span class="code-line-counter">92</span><span class="code"> type:
                                    Socket</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment.yaml</strong>
                            <span>Line 32</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Resource name
                                'health-check-deployment' of kind 'Deployment' in a non kube-system namespace 'default'
                                should not have hostPath '/var/run/docker.sock' mounted</span>
                            <span><strong>Found:</strong> Resource name 'health-check-deployment' of kind 'Deployment'
                                in a non kube-system namespace 'default' has a hostPath '/var/run/docker.sock'
                                mounted</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">31</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">32</span><span class="code">
                                    path: /var/run/docker.sock</span></div>
                            <div class="code-line"><span class="code-line-counter">33</span><span class="code"> type:
                                    Socket</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment-kind.yaml</strong>
                            <span>Line 32</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Resource name
                                'health-check-deployment' of kind 'Deployment' in a non kube-system namespace 'default'
                                should not have hostPath '/var/run/docker.sock' mounted</span>
                            <span><strong>Found:</strong> Resource name 'health-check-deployment' of kind 'Deployment'
                                in a non kube-system namespace 'default' has a hostPath '/var/run/docker.sock'
                                mounted</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">31</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">32</span><span class="code">
                                    path: /var/run/docker.sock</span></div>
                            <div class="code-line"><span class="code-line-counter">33</span><span
                                    class="code">---</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Reviewer note: /var/lib/etcd is the conventional etcd data directory on
                             control-plane nodes. etcd stores the cluster's API objects, including Secrets,
                             so access to this path should be treated like access to every Secret in the
                             cluster unless encryption at rest is configured. The name kube-bench-master
                             suggests a kube-bench audit Job that inspects host files by design (inferred
                             from the name). Whether the matching volumeMount is read-only is not visible
                             in this excerpt; confirm it in the manifest. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/master-job.yaml</strong>
                            <span>Line 36</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Resource name
                                'kube-bench-master' of kind 'Job' in a non kube-system namespace 'default' should not
                                have hostPath '/var/lib/etcd' mounted</span>
                            <span><strong>Found:</strong> Resource name 'kube-bench-master' of kind 'Job' in a non
                                kube-system namespace 'default' has a hostPath '/var/lib/etcd' mounted</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">35</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">36</span><span class="code">
                                    path: "/var/lib/etcd"</span></div>
                            <div class="code-line"><span class="code-line-counter">37</span><span class="code"> - name:
                                    etc-kubernetes</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 76</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Resource name
                                'docker-bench-security' of kind 'DaemonSet' in a non kube-system namespace 'default'
                                should not have hostPath '/usr/lib/systemd' mounted</span>
                            <span><strong>Found:</strong> Resource name 'docker-bench-security' of kind 'DaemonSet' in a
                                non kube-system namespace 'default' has a hostPath '/usr/lib/systemd' mounted</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">75</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">76</span><span class="code">
                                    path: /usr/lib/systemd</span></div>
                            <div class="code-line"><span class="code-line-counter">77</span><span class="code"> - name:
                                    etc-vol</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Reviewer note: hostPath '/' exposes the node's entire root filesystem to the
                             pod, which is broader than any other path listed in this part of the report.
                             The excerpt shows only the volume definition. Whether the container mounts it
                             read-only, runs privileged or shares host namespaces is not visible here and
                             determines how far the exposure reaches; check the volumeMounts and
                             securityContext of system-monitor-deployment before rating this result. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/system-monitor/deployment.yaml</strong>
                            <span>Line 29</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Resource name
                                'system-monitor-deployment' of kind 'Deployment' in a non kube-system namespace
                                'default' should not have hostPath '/' mounted</span>
                            <span><strong>Found:</strong> Resource name 'system-monitor-deployment' of kind 'Deployment'
                                in a non kube-system namespace 'default' has a hostPath '/' mounted</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">28</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">29</span><span class="code">
                                    path: /</span></div>
                            <div class="code-line"><span class="code-line-counter">30</span><span class="code">
                                    containers:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/master-job.yaml</strong>
                            <span>Line 42</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Resource name
                                'kube-bench-master' of kind 'Job' in a non kube-system namespace 'default' should not
                                have hostPath '/usr/bin' mounted</span>
                            <span><strong>Found:</strong> Resource name 'kube-bench-master' of kind 'Job' in a non
                                kube-system namespace 'default' has a hostPath '/usr/bin' mounted</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">41</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">42</span><span class="code">
                                    path: "/usr/bin"</span></div>
                            <div class="code-line"><span class="code-line-counter">43</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 88</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Resource name
                                'docker-bench-security' of kind 'DaemonSet' in a non kube-system namespace 'default'
                                should not have hostPath '/usr/bin/runc' mounted</span>
                            <span><strong>Found:</strong> Resource name 'docker-bench-security' of kind 'DaemonSet' in a
                                non kube-system namespace 'default' has a hostPath '/usr/bin/runc' mounted</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">87</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">88</span><span class="code">
                                    path: /usr/bin/runc</span></div>
                            <div class="code-line"><span class="code-line-counter">89</span><span class="code"> - name:
                                    docker-sock-volume</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 85</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Resource name
                                'docker-bench-security' of kind 'DaemonSet' in a non kube-system namespace 'default'
                                should not have hostPath '/usr/bin/containerd' mounted</span>
                            <span><strong>Found:</strong> Resource name 'docker-bench-security' of kind 'DaemonSet' in a
                                non kube-system namespace 'default' has a hostPath '/usr/bin/containerd' mounted</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">84</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">85</span><span class="code">
                                    path: /usr/bin/containerd</span></div>
                            <div class="code-line"><span class="code-line-counter">86</span><span class="code"> - name:
                                    usr-bin-runc-vol</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 79</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Resource name
                                'docker-bench-security' of kind 'DaemonSet' in a non kube-system namespace 'default'
                                should not have hostPath '/etc' mounted</span>
                            <span><strong>Found:</strong> Resource name 'docker-bench-security' of kind 'DaemonSet' in a
                                non kube-system namespace 'default' has a hostPath '/etc' mounted</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">78</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">79</span><span class="code">
                                    path: /etc</span></div>
                            <div class="code-line"><span class="code-line-counter">80</span><span class="code"> - name:
                                    lib-systemd-system-vol</span></div>
                        </div>
                    </div>
                    <!-- Reviewer note: every entry below reports a hostPath volume on a workload in the
                         'default' namespace. The resource names (kube-bench-node, kube-bench-master,
                         docker-bench-security) suggest node audit jobs that read host configuration;
                         presumably the mounts are intentional (confirm with the manifest owner). The snippets
                         show only the "path:" line, so whether the volumeMounts set readOnly: true cannot be
                         told from this report. Where a host mount is required, keep it read-only, mount the
                         narrowest path that works, run the workload in a dedicated namespace, and remove it
                         once the audit has finished. -->
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/node-job.yaml</strong>
                            <span>Line 37</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Resource name
                                'kube-bench-node' of kind 'Job' in a non kube-system namespace 'default' should not have
                                hostPath '/etc/systemd' mounted</span>
                            <span><strong>Found:</strong> Resource name 'kube-bench-node' of kind 'Job' in a non
                                kube-system namespace 'default' has a hostPath '/etc/systemd' mounted</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">36</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">37</span><span class="code">
                                    path: "/etc/systemd"</span></div>
                            <div class="code-line"><span class="code-line-counter">38</span><span class="code"> - name:
                                    etc-kubernetes</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/node-job.yaml</strong>
                            <span>Line 43</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Resource name
                                'kube-bench-node' of kind 'Job' in a non kube-system namespace 'default' should not have
                                hostPath '/usr/bin' mounted</span>
                            <span><strong>Found:</strong> Resource name 'kube-bench-node' of kind 'Job' in a non
                                kube-system namespace 'default' has a hostPath '/usr/bin' mounted</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">42</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">43</span><span class="code">
                                    path: "/usr/bin"</span></div>
                            <div class="code-line"><span class="code-line-counter">44</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <!-- NOTE(review): /etc/kubernetes typically holds control-plane kubeconfigs and PKI
                         material on kubeadm-style nodes, so read access there amounts to credential exposure.
                         Verify against the actual cluster layout. -->
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/master-job.yaml</strong>
                            <span>Line 39</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Resource name
                                'kube-bench-master' of kind 'Job' in a non kube-system namespace 'default' should not
                                have hostPath '/etc/kubernetes' mounted</span>
                            <span><strong>Found:</strong> Resource name 'kube-bench-master' of kind 'Job' in a non
                                kube-system namespace 'default' has a hostPath '/etc/kubernetes' mounted</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">38</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">39</span><span class="code">
                                    path: "/etc/kubernetes"</span></div>
                            <div class="code-line"><span class="code-line-counter">40</span><span class="code"> - name:
                                    usr-bin</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 82</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Resource name
                                'docker-bench-security' of kind 'DaemonSet' in a non kube-system namespace 'default'
                                should not have hostPath '/lib/systemd/system' mounted</span>
                            <span><strong>Found:</strong> Resource name 'docker-bench-security' of kind 'DaemonSet' in a
                                non kube-system namespace 'default' has a hostPath '/lib/systemd/system' mounted</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">81</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">82</span><span class="code">
                                    path: /lib/systemd/system</span></div>
                            <div class="code-line"><span class="code-line-counter">83</span><span class="code"> - name:
                                    usr-bin-contained-vol</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 73</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Resource name
                                'docker-bench-security' of kind 'DaemonSet' in a non kube-system namespace 'default'
                                should not have hostPath '/var/lib' mounted</span>
                            <span><strong>Found:</strong> Resource name 'docker-bench-security' of kind 'DaemonSet' in a
                                non kube-system namespace 'default' has a hostPath '/var/lib' mounted</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">72</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">73</span><span class="code">
                                    path: /var/lib</span></div>
                            <div class="code-line"><span class="code-line-counter">74</span><span class="code"> - name:
                                    usr-lib-systemd-vol</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/node-job.yaml</strong>
                            <span>Line 40</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Resource name
                                'kube-bench-node' of kind 'Job' in a non kube-system namespace 'default' should not have
                                hostPath '/etc/kubernetes' mounted</span>
                            <span><strong>Found:</strong> Resource name 'kube-bench-node' of kind 'Job' in a non
                                kube-system namespace 'default' has a hostPath '/etc/kubernetes' mounted</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">39</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">40</span><span class="code">
                                    path: "/etc/kubernetes"</span></div>
                            <div class="code-line"><span class="code-line-counter">41</span><span class="code"> - name:
                                    usr-bin</span></div>
                        </div>
                    </div>
                    <!-- NOTE(review): /var/lib/kubelet typically contains kubelet credentials and the volumes
                         of every pod on the node, including mounted Secrets and service account tokens;
                         verify on the target nodes and scope the mount accordingly. -->
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/node-job.yaml</strong>
                            <span>Line 34</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Resource name
                                'kube-bench-node' of kind 'Job' in a non kube-system namespace 'default' should not have
                                hostPath '/var/lib/kubelet' mounted</span>
                            <span><strong>Found:</strong> Resource name 'kube-bench-node' of kind 'Job' in a non
                                kube-system namespace 'default' has a hostPath '/var/lib/kubelet' mounted</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">33</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">34</span><span class="code">
                                    path: "/var/lib/kubelet"</span></div>
                            <div class="code-line"><span class="code-line-counter">35</span><span class="code"> - name:
                                    etc-systemd</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
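        <div data-type="severity" data-name="MEDIUM">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <!-- Decorative severity icon: hidden from assistive technology because the
                                 query name that follows carries the meaning. -->
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000" aria-hidden="true">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Pip install Keeping Cached Packages</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Dockerfile</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Supply-Chain</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">When installing packages with pip,
                            the '--no-cache-dir' flag should be set to make Docker images smaller</span><span><a
                                href="https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"
                                rel="noopener"
                                target="_blank">https://docs.docker.com/develop/develop-images/dockerfile_best-practices/</a></span>
                    </div>
                </div>
                <!-- Reviewer note: this rule is about image size only. Both flagged commands also install
                     a package with no version specifier in the reported lines (truffleHog, flask), so the
                     image content depends on whatever the package index serves at build time. Pinning
                     exact versions, and using pip's hash-checking mode with a requirements file, addresses
                     the supply-chain side that the category label points at. -->
                <details>
                    <summary>Results (<span class="severity-partial-count-medium">2</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/build-code/Dockerfile</strong>
                            <span>Line 6</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> The '--no-cache-dir' flag
                                is set when running 'pip/pip3 install'</span>
                            <span><strong>Found:</strong> The '--no-cache-dir' flag isn't set when running 'pip/pip3
                                install'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">5</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">6</span><span class="code">RUN
                                    apk --no-cache add git py3-pip \</span></div>
                            <div class="code-line"><span class="code-line-counter">7</span><span class="code"> && pip
                                    install truffleHog \</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/info-app/Dockerfile</strong>
                            <span>Line 6</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> The '--no-cache-dir' flag
                                is set when running 'pip/pip3 install'</span>
                            <span><strong>Found:</strong> The '--no-cache-dir' flag isn't set when running 'pip/pip3
                                install'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">5</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">6</span><span class="code">RUN
                                    pip install flask</span></div>
                            <div class="code-line"><span class="code-line-counter">7</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                </details>
            </div>
        </div>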
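        <div data-type="severity" data-name="MEDIUM">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <!-- Decorative severity icon: hidden from assistive technology because the
                                 query name that follows carries the meaning. -->
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000" aria-hidden="true">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">RUN Instruction Using 'cd' Instead of
                                WORKDIR</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Dockerfile</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Build Process</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">Use WORKDIR instead of
                            proliferating instructions like RUN cd … && do-something, which are hard to read,
                            troubleshoot, and maintain.</span><span><a
                                href="https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#workdir"
                                rel="noopener"
                                target="_blank">https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#workdir</a></span>
                    </div>
                </div>
                <!-- Reviewer note: WORKDIR fixes readability, but the reported commands carry two further
                     issues visible in the "Found" text. The steps are joined with ';' in places
                     ("cd /tmp; wget ...", "tar ...; mv ..."), so a failed cd, download or extraction does
                     not stop the build. The gotty release tarball is fetched and its binary moved to
                     /usr/local/bin with no checksum or signature check in the reported command; verify
                     the archive against a pinned SHA-256 (for example with "sha256sum -c") before
                     extracting it. -->
                <details>
                    <summary>Results (<span class="severity-partial-count-medium">2</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/system-monitor/Dockerfile</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Using WORKDIR to change
                                directory</span>
                            <span><strong>Found:</strong> RUN apt-get update && apt-get install -y htop libcap2-bin curl
                                wget && cd /tmp; wget
                                https://github.com/yudai/gotty/releases/download/v1.0.1/gotty_linux_amd64.tar.gz && tar
                                -xvzf gotty_linux_amd64.tar.gz; mv gotty /usr/local/bin/gotty</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">RUN
                                    apt-get update && apt-get install -y htop \</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span class="code">
                                    libcap2-bin curl wget && \</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/hunger-check/Dockerfile</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Using WORKDIR to change
                                directory</span>
                            <span><strong>Found:</strong> RUN apt update && apt install stress-ng curl wget -y && cd
                                /tmp; wget
                                https://github.com/yudai/gotty/releases/download/v1.0.1/gotty_linux_amd64.tar.gz && tar
                                -xvzf gotty_linux_amd64.tar.gz; mv gotty /usr/local/bin/gotty</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">RUN
                                    apt update && apt install stress-ng curl wget -y \</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span class="code"> && cd
                                    /tmp; wget
                                    https://github.com/yudai/gotty/releases/download/v1.0.1/gotty_linux_amd64.tar.gz
                                    \</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>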
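        <div data-type="severity" data-name="MEDIUM">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <!-- Decorative severity icon: hidden from assistive technology because the
                                 query name that follows carries the meaning. -->
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000" aria-hidden="true">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Resource With Allow Privilege Escalation</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Best Practices</span></span>
                    </div>
                    <!-- Reviewer note: the reference below documents PodSecurityPolicy, which was deprecated
                         in Kubernetes v1.21 and removed in v1.25. On current clusters the same restriction is
                         enforced through Pod Security Admission (Pod Security Standards) or an admission
                         policy engine, not through a PSP object. -->
                    <div class="query-details"><span class="query-description-title">Minimize the admission of
                            privileged resources</span><span><a
                                href="https://kubernetes.io/docs/concepts/policy/pod-security-policy/" rel="noopener"
                                target="_blank">https://kubernetes.io/docs/concepts/policy/pod-security-policy/</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-medium">1</span>)</summary>
                    <!-- Reviewer note: the context line after the finding shows "privileged: true" in the
                         same securityContext. A privileged container is always allowed to escalate, and the
                         API server rejects privileged: true combined with allowPrivilegeEscalation: false, so
                         the remediation has to drop "privileged" as well as flip the flagged field. -->
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/system-monitor/deployment.yaml</strong>
                            <span>Line 38</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.securityContext.allowPrivilegeEscalation = false</span>
                            <span><strong>Found:</strong>
                                spec.template.spec.containers.securityContext.allowPrivilegeEscalation = true</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">37</span><span class="code">
                                    securityContext:</span></div>
                            <div class="code-line error"><span class="code-line-counter">38</span><span class="code">
                                    allowPrivilegeEscalation: true</span></div>
                            <div class="code-line"><span class="code-line-counter">39</span><span class="code">
                                    privileged: true</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>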
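        <div data-type="severity" data-name="MEDIUM">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <!-- Decorative severity icon: hidden from assistive technology because the
                                 query name that follows carries the meaning. -->
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000" aria-hidden="true">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Run Using apt</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Dockerfile</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Supply-Chain</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">apt is discouraged by Linux
                            distributions for unattended use because its interface may change between versions.
                            Prefer the more stable apt-get and apt-cache.</span><span><a
                                href="https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run"
                                rel="noopener"
                                target="_blank">https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run</a></span>
                    </div>
                </div>
                <!-- Reviewer note: replacing apt with apt-get stabilises the build interface; it does not
                     change what is fetched. In the reported lines, helm-tiller continues into a curl download
                     of a Helm tarball from get.helm.sh and hunger-check into a wget of a gotty release
                     tarball, with no integrity check visible in these truncated snippets (a later line may
                     add one; confirm in the Dockerfiles). helm-tiller also installs telnet; remove packages
                     the image does not need at runtime. -->
                <details>
                    <summary>Results (<span class="severity-partial-count-medium">3</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/helm-tiller/Dockerfile</strong>
                            <span>Line 9</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> RUN instructions should
                                not use the 'apt' program</span>
                            <span><strong>Found:</strong> RUN instruction is invoking the 'apt' program</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">8</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">9</span><span class="code">RUN
                                    apt update && apt install curl wget ca-certificates bash telnet -y \</span></div>
                            <div class="code-line"><span class="code-line-counter">10</span><span class="code"> && curl
                                    -LO https://get.helm.sh/helm-v${HELMV2_VERSION}-linux-amd64.tar.gz \</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/hunger-check/Dockerfile</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> RUN instructions should
                                not use the 'apt' program</span>
                            <span><strong>Found:</strong> RUN instruction is invoking the 'apt' program</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">RUN
                                    apt update && apt install stress-ng curl wget -y \</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span class="code"> && cd
                                    /tmp; wget
                                    https://github.com/yudai/gotty/releases/download/v1.0.1/gotty_linux_amd64.tar.gz
                                    \</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/health-check/Dockerfile</strong>
                            <span>Line 12</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> RUN instructions should
                                not use the 'apt' program</span>
                            <span><strong>Found:</strong> RUN instruction is invoking the 'apt' program</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">11</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">12</span><span class="code">RUN
                                    apt update && apt install curl wget iputils-ping -y</span></div>
                            <div class="code-line"><span class="code-line-counter">13</span><span class="code">RUN go
                                    build -o /</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>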
        <div data-type="severity" data-name="MEDIUM">
            <hr class="separator">
            <div class="query">
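                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <!-- Decorative severity icon: hidden from assistive technology because the
                                 query name that follows carries the meaning. -->
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000" aria-hidden="true">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Seccomp Profile Is Not Configured</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Insecure
                                Configurations</span></span>
                    </div>
                    <!-- Reviewer note: the reference below is the PodSecurityPolicy seccomp section; PSP was
                         removed in Kubernetes v1.25. The results for this query expect pod-template
                         annotations, but annotation-based seccomp configuration was deprecated in v1.19 and
                         its support removed in v1.27. On current clusters the profile is set with
                         securityContext.seccompProfile (for example type: RuntimeDefault), so check that
                         field before treating a missing annotation as the defect. -->
                    <div class="query-details"><span class="query-description-title">Checks whether any resource
                            fails to configure the default seccomp profile properly</span><span><a
                                href="https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp"
                                rel="noopener"
                                target="_blank">https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp</a></span>
                    </div>
                </div>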
                <details>
                    <summary>Results (<span class="severity-partial-count-medium">12</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/internal-proxy/deployment.yaml</strong>
                            <span>Line 12</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.metadata.annotations' is set</span>
                            <span><strong>Found:</strong> 'spec.template.metadata.annotations' is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">11</span><span class="code">
                                    template:</span></div>
                            <div class="code-line error"><span class="code-line-counter">12</span><span class="code">
                                    metadata:</span></div>
                            <div class="code-line"><span class="code-line-counter">13</span><span class="code">
                                    labels:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/hidden-in-layers/deployment.yaml</strong>
                            <span>Line 7</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.metadata.annotations' is set</span>
                            <span><strong>Found:</strong> 'spec.template.metadata.annotations' is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">6</span><span class="code">
                                    template:</span></div>
                            <div class="code-line error"><span class="code-line-counter">7</span><span class="code">
                                    metadata:</span></div>
                            <div class="code-line"><span class="code-line-counter">8</span><span class="code"> name:
                                    hidden-in-layers</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment-kind.yaml</strong>
                            <span>Line 10</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.metadata.annotations' is set</span>
                            <span><strong>Found:</strong> 'spec.template.metadata.annotations' is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">9</span><span class="code">
                                    template:</span></div>
                            <div class="code-line error"><span class="code-line-counter">10</span><span class="code">
                                    metadata:</span></div>
                            <div class="code-line"><span class="code-line-counter">11</span><span class="code">
                                    labels:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 23</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.metadata.annotations' is set</span>
                            <span><strong>Found:</strong> 'spec.template.metadata.annotations' is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">22</span><span class="code">
                                    template:</span></div>
                            <div class="code-line error"><span class="code-line-counter">23</span><span class="code">
                                    metadata:</span></div>
                            <div class="code-line"><span class="code-line-counter">24</span><span class="code">
                                    labels:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/cache-store/deployment.yaml</strong>
                            <span>Line 31</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.metadata.annotations' is set</span>
                            <span><strong>Found:</strong> 'spec.template.metadata.annotations' is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">30</span><span class="code">
                                    template:</span></div>
                            <div class="code-line error"><span class="code-line-counter">31</span><span class="code">
                                    metadata:</span></div>
                            <div class="code-line"><span class="code-line-counter">32</span><span class="code">
                                    labels:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment.yaml</strong>
                            <span>Line 10</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.metadata.annotations' is set</span>
                            <span><strong>Found:</strong> 'spec.template.metadata.annotations' is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">9</span><span class="code">
                                    template:</span></div>
                            <div class="code-line error"><span class="code-line-counter">10</span><span class="code">
                                    metadata:</span></div>
                            <div class="code-line"><span class="code-line-counter">11</span><span class="code">
                                    labels:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/hunger-check/deployment.yaml</strong>
                            <span>Line 65</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.metadata.annotations' is set</span>
                            <span><strong>Found:</strong> 'spec.template.metadata.annotations' is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">64</span><span class="code">
                                    template:</span></div>
                            <div class="code-line error"><span class="code-line-counter">65</span><span class="code">
                                    metadata:</span></div>
                            <div class="code-line"><span class="code-line-counter">66</span><span class="code">
                                    labels:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kubernetes-goat-home/deployment.yaml</strong>
                            <span>Line 10</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.metadata.annotations' is set</span>
                            <span><strong>Found:</strong> 'spec.template.metadata.annotations' is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">9</span><span class="code">
                                    template:</span></div>
                            <div class="code-line error"><span class="code-line-counter">10</span><span class="code">
                                    metadata:</span></div>
                            <div class="code-line"><span class="code-line-counter">11</span><span class="code">
                                    labels:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/batch-check/job.yaml</strong>
                            <span>Line 7</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.metadata.annotations' is set</span>
                            <span><strong>Found:</strong> 'spec.template.metadata.annotations' is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">6</span><span class="code">
                                    template:</span></div>
                            <div class="code-line error"><span class="code-line-counter">7</span><span class="code">
                                    metadata:</span></div>
                            <div class="code-line"><span class="code-line-counter">8</span><span class="code"> name:
                                    batch-check-job</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/build-code/deployment.yaml</strong>
                            <span>Line 10</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.metadata.annotations' is set</span>
                            <span><strong>Found:</strong> 'spec.template.metadata.annotations' is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">9</span><span class="code">
                                    template:</span></div>
                            <div class="code-line error"><span class="code-line-counter">10</span><span class="code">
                                    metadata:</span></div>
                            <div class="code-line"><span class="code-line-counter">11</span><span class="code">
                                    labels:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/system-monitor/deployment.yaml</strong>
                            <span>Line 19</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.metadata.annotations' is set</span>
                            <span><strong>Found:</strong> 'spec.template.metadata.annotations' is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">18</span><span class="code">
                                    template:</span></div>
                            <div class="code-line error"><span class="code-line-counter">19</span><span class="code">
                                    metadata:</span></div>
                            <div class="code-line"><span class="code-line-counter">20</span><span class="code">
                                    labels:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/poor-registry/deployment.yaml</strong>
                            <span>Line 10</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.metadata.annotations' is set</span>
                            <span><strong>Found:</strong> 'spec.template.metadata.annotations' is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">9</span><span class="code">
                                    template:</span></div>
                            <div class="code-line error"><span class="code-line-counter">10</span><span class="code">
                                    metadata:</span></div>
                            <div class="code-line"><span class="code-line-counter">11</span><span class="code">
                                    labels:</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="MEDIUM">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <!-- Header of the MEDIUM query "Service Account Token Automount Not Disabled": icon, name,
                         platform and category, followed by the description and its reference link. -->
                    <div class="query-title">
                        <h2>
                            <!-- Inline SVG icon shown next to the query name; the kics-orange class presumably
                                 supplies the severity colour (its CSS rule is not visible here). -->
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Service Account Token Automount Not Disabled</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Insecure
                                Defaults</span></span>
                    </div>
                    <!-- Query description and reference link. NOTE(review): Kubernetes accepts
                         automountServiceAccountToken on the ServiceAccount object as well as in the pod spec,
                         with the pod spec taking precedence. The results for this query report the pod-template
                         path, so when triaging, also check the ServiceAccount each workload uses and whether
                         the workload needs API access at all. -->
                    <div class="query-details"><span class="query-description-title">Service Account Tokens are
                            automatically mounted even if not necessary</span><span><a
                                href="https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server"
                                rel="noopener"
                                target="_blank">https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-medium">14</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/hidden-in-layers/deployment.yaml</strong>
                            <span>Line 9</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.automountServiceAccountToken' is false</span>
                            <span><strong>Found:</strong> 'spec.template.spec.automountServiceAccountToken' is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">8</span><span class="code"> name:
                                    hidden-in-layers</span></div>
                            <div class="code-line error"><span class="code-line-counter">9</span><span class="code">
                                    spec:</span></div>
                            <div class="code-line"><span class="code-line-counter">10</span><span class="code">
                                    containers:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/build-code/deployment.yaml</strong>
                            <span>Line 13</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.automountServiceAccountToken' is false</span>
                            <span><strong>Found:</strong> 'spec.template.spec.automountServiceAccountToken' is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">12</span><span class="code"> app:
                                    build-code</span></div>
                            <div class="code-line error"><span class="code-line-counter">13</span><span class="code">
                                    spec:</span></div>
                            <div class="code-line"><span class="code-line-counter">14</span><span class="code">
                                    containers:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 26</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.automountServiceAccountToken' is false</span>
                            <span><strong>Found:</strong> 'spec.template.spec.automountServiceAccountToken' is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">25</span><span class="code"> name:
                                    docker-bench</span></div>
                            <div class="code-line error"><span class="code-line-counter">26</span><span class="code">
                                    spec:</span></div>
                            <div class="code-line"><span class="code-line-counter">27</span><span class="code"> hostPID:
                                    true</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/hunger-check/deployment.yaml</strong>
                            <span>Line 68</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.automountServiceAccountToken' is false</span>
                            <span><strong>Found:</strong> 'spec.template.spec.automountServiceAccountToken' is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">67</span><span class="code"> app:
                                    hunger-check</span></div>
                            <div class="code-line error"><span class="code-line-counter">68</span><span class="code">
                                    spec:</span></div>
                            <div class="code-line"><span class="code-line-counter">69</span><span class="code">
                                    serviceAccountName: big-monolith-sa</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/master-job.yaml</strong>
                            <span>Line 8</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.automountServiceAccountToken' is false</span>
                            <span><strong>Found:</strong> 'spec.template.spec.automountServiceAccountToken' is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">7</span><span class="code">
                                    template:</span></div>
                            <div class="code-line error"><span class="code-line-counter">8</span><span class="code">
                                    spec:</span></div>
                            <div class="code-line"><span class="code-line-counter">9</span><span class="code"> hostPID:
                                    true</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kubernetes-goat-home/deployment.yaml</strong>
                            <span>Line 13</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.automountServiceAccountToken' is false</span>
                            <span><strong>Found:</strong> 'spec.template.spec.automountServiceAccountToken' is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">12</span><span class="code"> app:
                                    kubernetes-goat-home</span></div>
                            <div class="code-line error"><span class="code-line-counter">13</span><span class="code">
                                    spec:</span></div>
                            <div class="code-line"><span class="code-line-counter">14</span><span class="code">
                                    containers:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/internal-proxy/deployment.yaml</strong>
                            <span>Line 15</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.automountServiceAccountToken' is false</span>
                            <span><strong>Found:</strong> 'spec.template.spec.automountServiceAccountToken' is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">14</span><span class="code"> app:
                                    internal-proxy</span></div>
                            <div class="code-line error"><span class="code-line-counter">15</span><span class="code">
                                    spec:</span></div>
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code">
                                    containers:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/cache-store/deployment.yaml</strong>
                            <span>Line 34</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.automountServiceAccountToken' is false</span>
                            <span><strong>Found:</strong> 'spec.template.spec.automountServiceAccountToken' is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">33</span><span class="code"> app:
                                    cache-store</span></div>
                            <div class="code-line error"><span class="code-line-counter">34</span><span class="code">
                                    spec:</span></div>
                            <div class="code-line"><span class="code-line-counter">35</span><span class="code">
                                    containers:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment.yaml</strong>
                            <span>Line 13</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.automountServiceAccountToken' is false</span>
                            <span><strong>Found:</strong> 'spec.template.spec.automountServiceAccountToken' is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">12</span><span class="code"> app:
                                    health-check</span></div>
                            <div class="code-line error"><span class="code-line-counter">13</span><span class="code">
                                    spec:</span></div>
                            <div class="code-line"><span class="code-line-counter">14</span><span class="code">
                                    containers:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/system-monitor/deployment.yaml</strong>
                            <span>Line 22</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.automountServiceAccountToken' is false</span>
                            <span><strong>Found:</strong> 'spec.template.spec.automountServiceAccountToken' is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">21</span><span class="code"> app:
                                    system-monitor</span></div>
                            <div class="code-line error"><span class="code-line-counter">22</span><span class="code">
                                    spec:</span></div>
                            <div class="code-line"><span class="code-line-counter">23</span><span class="code"> hostPID:
                                    true</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Result for scenarios/kube-bench-security/node-job.yaml: the pod template spec at line 8 does
                             not set automountServiceAccountToken. When the field is unset and the ServiceAccount does
                             not opt out, Kubernetes mounts the service account token into the pod. The context lines
                             below also show hostPID: true on the same spec; that setting is not what this result
                             reports and needs to be assessed separately. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/node-job.yaml</strong>
                            <span>Line 8</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.automountServiceAccountToken' is false</span>
                            <span><strong>Found:</strong> 'spec.template.spec.automountServiceAccountToken' is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">7</span><span class="code">
                                    template:</span></div>
                            <div class="code-line error"><span class="code-line-counter">8</span><span class="code">
                                    spec:</span></div>
                            <div class="code-line"><span class="code-line-counter">9</span><span class="code"> hostPID:
                                    true</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment-kind.yaml</strong>
                            <span>Line 13</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.automountServiceAccountToken' is false</span>
                            <span><strong>Found:</strong> 'spec.template.spec.automountServiceAccountToken' is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">12</span><span class="code"> app:
                                    health-check</span></div>
                            <div class="code-line error"><span class="code-line-counter">13</span><span class="code">
                                    spec:</span></div>
                            <div class="code-line"><span class="code-line-counter">14</span><span class="code">
                                    containers:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/poor-registry/deployment.yaml</strong>
                            <span>Line 13</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.automountServiceAccountToken' is false</span>
                            <span><strong>Found:</strong> 'spec.template.spec.automountServiceAccountToken' is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">12</span><span class="code"> app:
                                    poor-registry</span></div>
                            <div class="code-line error"><span class="code-line-counter">13</span><span class="code">
                                    spec:</span></div>
                            <div class="code-line"><span class="code-line-counter">14</span><span class="code">
                                    containers:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/batch-check/job.yaml</strong>
                            <span>Line 9</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.automountServiceAccountToken' is false</span>
                            <span><strong>Found:</strong> 'spec.template.spec.automountServiceAccountToken' is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">8</span><span class="code"> name:
                                    batch-check-job</span></div>
                            <div class="code-line error"><span class="code-line-counter">9</span><span class="code">
                                    spec:</span></div>
                            <div class="code-line"><span class="code-line-counter">10</span><span class="code">
                                    containers:</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="MEDIUM">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Unpinned Package Version in Apk Add</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Dockerfile</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Supply-Chain</span></span>
                    </div>
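                    <div class="query-details"><span class="query-description-title">Package version pinning reduces the
                            range of versions that can be installed, reducing the chances of failure due to
                            unanticipated changes. It also makes image rebuilds repeatable, so a rebuild does not
                            silently pick up a newer package version that nobody has reviewed</span><span><a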
                                href="https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"
                                rel="noopener"
                                target="_blank">https://docs.docker.com/develop/develop-images/dockerfile_best-practices/</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-medium">5</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/k8s-goat-home/Dockerfile</strong>
                            <span>Line 7</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> RUN instruction with 'apk
                                add &lt;package>' should use package pinning form 'apk add
                                &lt;package>=&lt;version>'</span>
                            <span><strong>Found:</strong> RUN instruction set -x && apk add --update wget git
                                ca-certificates imagemagick && wget
                                https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/${HUGO_BINARY} &&
                                tar xzf ${HUGO_BINARY} && mv hugo /usr/bin does not use package pinning form</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">6</span><span class="code">ENV
                                    HUGO_BINARY hugo_${HUGO_VERSION}_Linux-64bit.tar.gz</span></div>
                            <div class="code-line error"><span class="code-line-counter">7</span><span class="code">RUN
                                    set -x && \</span></div>
                            <div class="code-line"><span class="code-line-counter">8</span><span class="code"> apk add
                                    --update wget git ca-certificates imagemagick && \</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/build-code/Dockerfile</strong>
                            <span>Line 6</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> RUN instruction with 'apk
                                add &lt;package>' should use package pinning form 'apk add
                                &lt;package>=&lt;version>'</span>
                            <span><strong>Found:</strong> RUN instruction apk --no-cache add git py3-pip && pip install
                                truffleHog && tar -xvzf app.tar.gz -C / does not use package pinning form</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">5</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">6</span><span class="code">RUN
                                    apk --no-cache add git py3-pip \</span></div>
                            <div class="code-line"><span class="code-line-counter">7</span><span class="code"> && pip
                                    install truffleHog \</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/metadata-db/Dockerfile</strong>
                            <span>Line 11</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> RUN instruction with 'apk
                                add &lt;package>' should use package pinning form 'apk add
                                &lt;package>=&lt;version>'</span>
                            <span><strong>Found:</strong> RUN instruction apk add --no-cache curl ca-certificates does
                                not use package pinning form</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">10</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">11</span><span class="code">RUN
                                    apk add --no-cache curl ca-certificates</span></div>
                            <div class="code-line"><span class="code-line-counter">12</span><span class="code">RUN go
                                    build -o /</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/internal-api/Dockerfile</strong>
                            <span>Line 8</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> RUN instruction with 'apk
                                add &lt;package>' should use package pinning form 'apk add
                                &lt;package>=&lt;version>'</span>
                            <span><strong>Found:</strong> RUN instruction npm install && apk add --no-cache curl does
                                not use package pinning form</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">7</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">8</span><span class="code">RUN
                                    npm install \</span></div>
                            <div class="code-line"><span class="code-line-counter">9</span><span class="code"> && apk
                                    add --no-cache curl</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Reviewer note: the marker sits on line 1 (FROM alpine:latest), while the finding text is
                             about the 'apk add' RUN instruction, which is not among the three context lines shown;
                             open the Dockerfile itself when triaging. Two further points are visible in this result and
                             are outside what this query checks: the base image uses the mutable 'latest' tag, and the
                             quoted RUN instruction writes /usr/bin/system-startup with a curl call to an external URL
                             and a pipe into sh. Pinning apk package versions addresses neither; both deserve their own
                             review. -->
                        <div class="vulnerable-info-header"><strong>File: infrastructure/batch-check/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> RUN instruction with 'apk
                                add &lt;package>' should use package pinning form 'apk add
                                &lt;package>=&lt;version>'</span>
                            <span><strong>Found:</strong> RUN instruction apk add --no-cache htop curl ca-certificates
                                && echo "curl -sSL
                                https://madhuakula.com/kubernetes-goat/k8s-goat-a5e0a28fa75bf429123943abedb065d1 && echo
                                'id' | sh " > /usr/bin/system-startup && chmod +x /usr/bin/system-startup && rm -rf
                                /tmp/* does not use package pinning form</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    alpine:latest</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="MEDIUM">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Unpinned Package Version in Pip Install</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Dockerfile</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Supply-Chain</span></span>
                    </div>
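                    <div class="query-details"><span class="query-description-title">Package version pinning reduces the
                            range of versions that can be installed, reducing the chances of failure due to
                            unanticipated changes. For pip an exact pin is written with '==', and pip's hash-checking
                            mode (--require-hashes) can additionally verify the downloaded files</span><span><a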
                                href="https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"
                                rel="noopener"
                                target="_blank">https://docs.docker.com/develop/develop-images/dockerfile_best-practices/</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-medium">2</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/info-app/Dockerfile</strong>
                            <span>Line 6</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> RUN instruction with
                                'pip/pip3 install &lt;package>' should use package pinning form 'pip/pip3 install
                                &lt;package>==&lt;version>'</span>
                            <span><strong>Found:</strong> RUN instruction pip install flask does not use package pinning
                                form</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">5</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">6</span><span class="code">RUN
                                    pip install flask</span></div>
                            <div class="code-line"><span class="code-line-counter">7</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/build-code/Dockerfile</strong>
                            <span>Line 6</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> RUN instruction with
                                'pip/pip3 install &lt;package>' should use package pinning form 'pip/pip3 install
                                &lt;package>==&lt;version>'</span>
                            <span><strong>Found:</strong> RUN instruction apk --no-cache add git py3-pip && pip install
                                truffleHog && tar -xvzf app.tar.gz -C / does not use package pinning form</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">5</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">6</span><span class="code">RUN
                                    apk --no-cache add git py3-pip \</span></div>
                            <div class="code-line"><span class="code-line-counter">7</span><span class="code"> && pip
                                    install truffleHog \</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="MEDIUM">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Update Instruction Alone</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Dockerfile</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Build Process</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">Instruction 'RUN
                            &lt;package-manager> update' should always be followed by '&lt;package-manager> install' in
                            the same RUN statement</span><span><a
                                href="https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run"
                                rel="noopener"
                                target="_blank">https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-medium">1</span>)</summary>
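                    <div class="vulnerable-info">
                        <!-- Reviewer note: the flagged RUN statement (lines 7-8) uses 'apk add' with its update option,
                             which refreshes the package index and installs the packages in one command inside the same
                             RUN statement. That appears to be the pattern this query asks for, so treat the result as
                             a probable false positive and confirm against the full Dockerfile before changing it. -->
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/k8s-goat-home/Dockerfile</strong>
                            <span>Line 7</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Instruction 'RUN
                                &lt;package-manager> update' is followed by '&lt;package-manager> install' in the same
                                'RUN' statement</span>
                            <span><strong>Found:</strong> Instruction 'RUN &lt;package-manager> update' isn't followed
                                by '&lt;package-manager> install' in the same 'RUN' statement</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">6</span><span class="code">ENV
                                    HUGO_BINARY hugo_${HUGO_VERSION}_Linux-64bit.tar.gz</span></div>
                            <div class="code-line error"><span class="code-line-counter">7</span><span class="code">RUN
                                    set -x && \</span></div>
                            <div class="code-line"><span class="code-line-counter">8</span><span class="code"> apk add
                                    --update wget git ca-certificates imagemagick && \</span></div>
                        </div>
                    </div>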
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="MEDIUM">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Using Unrecommended Namespace</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Insecure
                                Configurations</span></span>
                    </div>
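                    <div class="query-details"><span class="query-description-title">Namespaces like 'default',
                            'kube-system' or 'kube-public' should not be used. A manifest that leaves
                            'metadata.namespace' unset is reported too, because the object is then created in whatever
                            namespace the deploying client selects, which is 'default' unless configured
                            otherwise</span><span><a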
                                href="https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/"
                                rel="noopener"
                                target="_blank">https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-medium">23</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment-kind.yaml</strong>
                            <span>Line 37</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> metadata.namespace is
                                defined and not null</span>
                            <span><strong>Found:</strong> metadata.namespace is undefined or null</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">36</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">37</span><span class="code">
                                    name: health-check-service</span></div>
                            <div class="code-line"><span class="code-line-counter">38</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment.yaml</strong>
                            <span>Line 38</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> metadata.namespace is
                                defined and not null</span>
                            <span><strong>Found:</strong> metadata.namespace is undefined or null</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">37</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">38</span><span class="code">
                                    name: health-check-service</span></div>
                            <div class="code-line"><span class="code-line-counter">39</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kubernetes-goat-home/deployment.yaml</strong>
                            <span>Line 27</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> metadata.namespace is
                                defined and not null</span>
                            <span><strong>Found:</strong> metadata.namespace is undefined or null</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">26</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">27</span><span class="code">
                                    name: kubernetes-goat-home-service</span></div>
                            <div class="code-line"><span class="code-line-counter">28</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/build-code/deployment.yaml</strong>
                            <span>Line 27</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> metadata.namespace is
                                defined and not null</span>
                            <span><strong>Found:</strong> metadata.namespace is undefined or null</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">26</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">27</span><span class="code">
                                    name: build-code-service</span></div>
                            <div class="code-line"><span class="code-line-counter">28</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kubernetes-goat-home/deployment.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> metadata.namespace is
                                defined and not null</span>
                            <span><strong>Found:</strong> metadata.namespace is undefined or null</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: kubernetes-goat-home-deployment</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/insecure-rbac/setup.yaml</strong>
                            <span>Line 5</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> 'metadata.namespace' is
                                not set to default, kube-system or kube-public</span>
                            <span><strong>Found:</strong> 'metadata.namespace' is set to kube-system</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">4</span><span class="code"> name:
                                    superadmin</span></div>
                            <div class="code-line error"><span class="code-line-counter">5</span><span class="code">
                                    namespace: kube-system</span></div>
                            <div class="code-line"><span class="code-line-counter">6</span><span class="code">---</span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/internal-proxy/deployment.yaml</strong>
                            <span>Line 43</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> metadata.namespace is
                                defined and not null</span>
                            <span><strong>Found:</strong> metadata.namespace is undefined or null</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">42</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">43</span><span class="code">
                                    name: internal-proxy-api-service</span></div>
                            <div class="code-line"><span class="code-line-counter">44</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/master-job.yaml</strong>
                            <span>Line 5</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> metadata.namespace is
                                defined and not null</span>
                            <span><strong>Found:</strong> metadata.namespace is undefined or null</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">4</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">5</span><span class="code">
                                    name: kube-bench-master</span></div>
                            <div class="code-line"><span class="code-line-counter">6</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/node-job.yaml</strong>
                            <span>Line 5</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> metadata.namespace is
                                defined and not null</span>
                            <span><strong>Found:</strong> metadata.namespace is undefined or null</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">4</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">5</span><span class="code">
                                    name: kube-bench-node</span></div>
                            <div class="code-line"><span class="code-line-counter">6</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/metadata-db/templates/service.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> metadata.namespace is
                                defined and not null</span>
                            <span><strong>Found:</strong> metadata.namespace is undefined or null</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: {{ include "metadata-db.fullname" . }}</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span class="code">
                                    labels:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/poor-registry/deployment.yaml</strong>
                            <span>Line 27</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> metadata.namespace is
                                defined and not null</span>
                            <span><strong>Found:</strong> metadata.namespace is undefined or null</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">26</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">27</span><span class="code">
                                    name: poor-registry-service</span></div>
                            <div class="code-line"><span class="code-line-counter">28</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/poor-registry/deployment.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> metadata.namespace is
                                defined and not null</span>
                            <span><strong>Found:</strong> metadata.namespace is undefined or null</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: poor-registry-deployment</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/hidden-in-layers/deployment.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> metadata.namespace is
                                defined and not null</span>
                            <span><strong>Found:</strong> metadata.namespace is undefined or null</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: hidden-in-layers</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/system-monitor/deployment.yaml</strong>
                            <span>Line 55</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> metadata.namespace is
                                defined and not null</span>
                            <span><strong>Found:</strong> metadata.namespace is undefined or null</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">54</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">55</span><span class="code">
                                    name: system-monitor-service</span></div>
                            <div class="code-line"><span class="code-line-counter">56</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment-kind.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> metadata.namespace is
                                defined and not null</span>
                            <span><strong>Found:</strong> metadata.namespace is undefined or null</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: health-check-deployment</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 15</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> metadata.namespace is
                                defined and not null</span>
                            <span><strong>Found:</strong> metadata.namespace is undefined or null</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">14</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">15</span><span class="code">
                                    name: docker-bench-security</span></div>
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code">
                                    labels:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/internal-proxy/deployment.yaml</strong>
                            <span>Line 55</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> metadata.namespace is
                                defined and not null</span>
                            <span><strong>Found:</strong> metadata.namespace is undefined or null</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">54</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">55</span><span class="code">
                                    name: internal-proxy-info-app-service</span></div>
                            <div class="code-line"><span class="code-line-counter">56</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/system-monitor/deployment.yaml</strong>
                            <span>Line 13</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> metadata.namespace is
                                defined and not null</span>
                            <span><strong>Found:</strong> metadata.namespace is undefined or null</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">12</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">13</span><span class="code">
                                    name: system-monitor-deployment</span></div>
                            <div class="code-line"><span class="code-line-counter">14</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/build-code/deployment.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> metadata.namespace is
                                defined and not null</span>
                            <span><strong>Found:</strong> metadata.namespace is undefined or null</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: build-code-deployment</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> metadata.namespace is
                                defined and not null</span>
                            <span><strong>Found:</strong> metadata.namespace is undefined or null</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: health-check-deployment</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/batch-check/job.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> metadata.namespace is
                                defined and not null</span>
                            <span><strong>Found:</strong> metadata.namespace is undefined or null</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: batch-check-job</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/system-monitor/deployment.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> metadata.namespace is
                                defined and not null</span>
                            <span><strong>Found:</strong> metadata.namespace is undefined or null</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: goatvault</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span class="code">type:
                                    Opaque</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/internal-proxy/deployment.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> metadata.namespace is
                                defined and not null</span>
                            <span><strong>Found:</strong> metadata.namespace is undefined or null</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: internal-proxy-deployment</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span class="code">
                                    labels:</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="MEDIUM">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Workload Mounting With Sensitive OS
                                Directory</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Insecure
                                Configurations</span></span>
                    </div>
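                    <div class="query-details"><span class="query-description-title">Workload mounts a hostPath volume
                            that exposes a sensitive host OS directory, giving its containers direct access to host
                            files outside the pod's isolation. Remove the mount, or narrow it to the specific path
                            needed and make it read-only where possible. The PodSecurityPolicy API referenced below
                            was removed in Kubernetes v1.25; Pod Security Admission replaces it, and its baseline
                            profile forbids hostPath volumes.</span><span><a
                                href="https://kubernetes.io/docs/concepts/policy/pod-security-policy/" rel="noopener"
                                target="_blank">https://kubernetes.io/docs/concepts/policy/pod-security-policy/</a></span>
                    </div>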
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-medium">17</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/master-job.yaml</strong>
                            <span>Line 42</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Workload name
                                'kube-bench-master' of kind 'Job' should not mount a host sensitive OS directory
                                '/usr/bin' with hostPath</span>
                            <span><strong>Found:</strong> Workload name 'kube-bench-master' of kind 'Job' is mounting a
                                host sensitive OS directory '/usr/bin' with hostPath</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">41</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">42</span><span class="code">
                                    path: "/usr/bin"</span></div>
                            <div class="code-line"><span class="code-line-counter">43</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/system-monitor/deployment.yaml</strong>
                            <span>Line 29</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Workload name
                                'system-monitor-deployment' of kind 'Deployment' should not mount a host sensitive OS
                                directory '/' with hostPath</span>
                            <span><strong>Found:</strong> Workload name 'system-monitor-deployment' of kind 'Deployment'
                                is mounting a host sensitive OS directory '/' with hostPath</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">28</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">29</span><span class="code">
                                    path: /</span></div>
                            <div class="code-line"><span class="code-line-counter">30</span><span class="code">
                                    containers:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 85</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Workload name
                                'docker-bench-security' of kind 'DaemonSet' should not mount a host sensitive OS
                                directory '/usr/bin/containerd' with hostPath</span>
                            <span><strong>Found:</strong> Workload name 'docker-bench-security' of kind 'DaemonSet' is
                                mounting a host sensitive OS directory '/usr/bin/containerd' with hostPath</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">84</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">85</span><span class="code">
                                    path: /usr/bin/containerd</span></div>
                            <div class="code-line"><span class="code-line-counter">86</span><span class="code"> - name:
                                    usr-bin-runc-vol</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment.yaml</strong>
                            <span>Line 32</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Workload name
                                'health-check-deployment' of kind 'Deployment' should not mount a host sensitive OS
                                directory '/var/run/docker.sock' with hostPath</span>
                            <span><strong>Found:</strong> Workload name 'health-check-deployment' of kind 'Deployment'
                                is mounting a host sensitive OS directory '/var/run/docker.sock' with hostPath</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">31</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">32</span><span class="code">
                                    path: /var/run/docker.sock</span></div>
                            <div class="code-line"><span class="code-line-counter">33</span><span class="code"> type:
                                    Socket</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 82</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Workload name
                                'docker-bench-security' of kind 'DaemonSet' should not mount a host sensitive OS
                                directory '/lib/systemd/system' with hostPath</span>
                            <span><strong>Found:</strong> Workload name 'docker-bench-security' of kind 'DaemonSet' is
                                mounting a host sensitive OS directory '/lib/systemd/system' with hostPath</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">81</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">82</span><span class="code">
                                    path: /lib/systemd/system</span></div>
                            <div class="code-line"><span class="code-line-counter">83</span><span class="code"> - name:
                                    usr-bin-contained-vol</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Triage note: /usr/bin is the host's executable directory. The workload name suggests a
                             kube-bench audit Job (inferred from the name only, confirm); an audit needs read access at
                             most, so verify that the corresponding volumeMount is read-only. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/node-job.yaml</strong>
                            <span>Line 43</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Workload name
                                'kube-bench-node' of kind 'Job' should not mount a host sensitive OS directory
                                '/usr/bin' with hostPath</span>
                            <span><strong>Found:</strong> Workload name 'kube-bench-node' of kind 'Job' is mounting a
                                host sensitive OS directory '/usr/bin' with hostPath</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">42</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">43</span><span class="code">
                                    path: "/usr/bin"</span></div>
                            <div class="code-line"><span class="code-line-counter">44</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Triage note: /var/lib/kubelet is the kubelet's state directory on the node; it commonly
                             holds pod volume data and kubelet configuration (contents vary by distribution, confirm).
                             Mount it read-only, or narrow the mount to the files the check actually reads. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/node-job.yaml</strong>
                            <span>Line 34</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Workload name
                                'kube-bench-node' of kind 'Job' should not mount a host sensitive OS directory
                                '/var/lib/kubelet' with hostPath</span>
                            <span><strong>Found:</strong> Workload name 'kube-bench-node' of kind 'Job' is mounting a
                                host sensitive OS directory '/var/lib/kubelet' with hostPath</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">33</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">34</span><span class="code">
                                    path: "/var/lib/kubelet"</span></div>
                            <div class="code-line"><span class="code-line-counter">35</span><span class="code"> - name:
                                    etc-systemd</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Triage note: /var/lib is a broad parent directory. It also covers /var/lib/kubelet and
                             /var/lib/etcd, which this report flags separately for other workloads. Prefer mounting
                             only the subdirectories the workload needs, read-only. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 73</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Workload name
                                'docker-bench-security' of kind 'DaemonSet' should not mount a host sensitive OS
                                directory '/var/lib' with hostPath</span>
                            <span><strong>Found:</strong> Workload name 'docker-bench-security' of kind 'DaemonSet' is
                                mounting a host sensitive OS directory '/var/lib' with hostPath</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">72</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">73</span><span class="code">
                                    path: /var/lib</span></div>
                            <div class="code-line"><span class="code-line-counter">74</span><span class="code"> - name:
                                    usr-lib-systemd-vol</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Triage note: /var/lib/etcd is presumably the etcd data directory (the kubeadm default
                             location, confirm for this cluster). etcd stores the cluster's API objects, including
                             Secrets, so even a read-only mount of this path is sensitive. Restrict who may create
                             this Job and which nodes it can be scheduled on. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/master-job.yaml</strong>
                            <span>Line 36</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Workload name
                                'kube-bench-master' of kind 'Job' should not mount a host sensitive OS directory
                                '/var/lib/etcd' with hostPath</span>
                            <span><strong>Found:</strong> Workload name 'kube-bench-master' of kind 'Job' is mounting a
                                host sensitive OS directory '/var/lib/etcd' with hostPath</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">35</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">36</span><span class="code">
                                    path: "/var/lib/etcd"</span></div>
                            <div class="code-line"><span class="code-line-counter">37</span><span class="code"> - name:
                                    etc-kubernetes</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Triage note: /etc/systemd holds host systemd configuration. Confirm that the Job needs
                             the whole directory and that the matching volumeMount is read-only; the excerpt shows
                             only the volume definition. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/node-job.yaml</strong>
                            <span>Line 37</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Workload name
                                'kube-bench-node' of kind 'Job' should not mount a host sensitive OS directory
                                '/etc/systemd' with hostPath</span>
                            <span><strong>Found:</strong> Workload name 'kube-bench-node' of kind 'Job' is mounting a
                                host sensitive OS directory '/etc/systemd' with hostPath</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">36</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">37</span><span class="code">
                                    path: "/etc/systemd"</span></div>
                            <div class="code-line"><span class="code-line-counter">38</span><span class="code"> - name:
                                    etc-kubernetes</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Triage note: on kubeadm-provisioned nodes /etc/kubernetes typically holds kubeconfig
                             files and certificates (verify for this cluster). Treat read access to it as access to
                             credentials: mount read-only and limit the mount to the files the check reads. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/node-job.yaml</strong>
                            <span>Line 40</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Workload name
                                'kube-bench-node' of kind 'Job' should not mount a host sensitive OS directory
                                '/etc/kubernetes' with hostPath</span>
                            <span><strong>Found:</strong> Workload name 'kube-bench-node' of kind 'Job' is mounting a
                                host sensitive OS directory '/etc/kubernetes' with hostPath</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">39</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">40</span><span class="code">
                                    path: "/etc/kubernetes"</span></div>
                            <div class="code-line"><span class="code-line-counter">41</span><span class="code"> - name:
                                    usr-bin</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Triage note: /usr/lib/systemd contains systemd binaries and packaged unit files on most
                             distributions. Verify that the matching volumeMount is read-only; the volume definition
                             shown here does not say. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 76</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Workload name
                                'docker-bench-security' of kind 'DaemonSet' should not mount a host sensitive OS
                                directory '/usr/lib/systemd' with hostPath</span>
                            <span><strong>Found:</strong> Workload name 'docker-bench-security' of kind 'DaemonSet' is
                                mounting a host sensitive OS directory '/usr/lib/systemd' with hostPath</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">75</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">76</span><span class="code">
                                    path: /usr/lib/systemd</span></div>
                            <div class="code-line"><span class="code-line-counter">77</span><span class="code"> - name:
                                    etc-vol</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Triage note: this mounts the whole host /etc tree, which includes /etc/kubernetes and
                             /etc/systemd that this report flags separately for other workloads. Narrow the mount to
                             the specific files or subdirectories required, and keep it read-only. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 79</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Workload name
                                'docker-bench-security' of kind 'DaemonSet' should not mount a host sensitive OS
                                directory '/etc' with hostPath</span>
                            <span><strong>Found:</strong> Workload name 'docker-bench-security' of kind 'DaemonSet' is
                                mounting a host sensitive OS directory '/etc' with hostPath</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">78</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">79</span><span class="code">
                                    path: /etc</span></div>
                            <div class="code-line"><span class="code-line-counter">80</span><span class="code"> - name:
                                    lib-systemd-system-vol</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Triage note: this workload is a Deployment named health-check-deployment, so confirm
                             whether a health check really needs the Docker API. A container holding
                             /var/run/docker.sock can control the node's Docker daemon, which is commonly treated as
                             root-equivalent on that node. The same file and line are also listed under "Docker Daemon
                             Socket is Exposed to Containers" (LOW) later in this report; track it as one item. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment-kind.yaml</strong>
                            <span>Line 32</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Workload name
                                'health-check-deployment' of kind 'Deployment' should not mount a host sensitive OS
                                directory '/var/run/docker.sock' with hostPath</span>
                            <span><strong>Found:</strong> Workload name 'health-check-deployment' of kind 'Deployment'
                                is mounting a host sensitive OS directory '/var/run/docker.sock' with hostPath</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">31</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">32</span><span class="code">
                                    path: /var/run/docker.sock</span></div>
                            <div class="code-line"><span class="code-line-counter">33</span><span
                                    class="code">---</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Triage note: /usr/bin/runc is the low-level container runtime binary. Confirm that the
                             matching volumeMount is read-only: a writable mount would leave the binary the host uses
                             to start containers modifiable from inside this pod. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 88</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Workload name
                                'docker-bench-security' of kind 'DaemonSet' should not mount a host sensitive OS
                                directory '/usr/bin/runc' with hostPath</span>
                            <span><strong>Found:</strong> Workload name 'docker-bench-security' of kind 'DaemonSet' is
                                mounting a host sensitive OS directory '/usr/bin/runc' with hostPath</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">87</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">88</span><span class="code">
                                    path: /usr/bin/runc</span></div>
                            <div class="code-line"><span class="code-line-counter">89</span><span class="code"> - name:
                                    docker-sock-volume</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Triage note: on a kubeadm control-plane node /etc/kubernetes typically holds static pod
                             manifests, admin kubeconfig files and the cluster PKI (verify for this cluster). Mount
                             read-only and limit the mount to the files the benchmark reads. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/master-job.yaml</strong>
                            <span>Line 39</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Workload name
                                'kube-bench-master' of kind 'Job' should not mount a host sensitive OS directory
                                '/etc/kubernetes' with hostPath</span>
                            <span><strong>Found:</strong> Workload name 'kube-bench-master' of kind 'Job' is mounting a
                                host sensitive OS directory '/etc/kubernetes' with hostPath</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">38</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">39</span><span class="code">
                                    path: "/etc/kubernetes"</span></div>
                            <div class="code-line"><span class="code-line-counter">40</span><span class="code"> - name:
                                    usr-bin</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- Triage note: the path is a UNIX socket (line 92 sets type: Socket), although the rule
                             text calls it a directory. Access to /var/run/docker.sock gives the container control of
                             the node's Docker daemon. The same file and line are also listed under "Docker Daemon
                             Socket is Exposed to Containers" (LOW) later in this report; track it as one item. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 91</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Workload name
                                'docker-bench-security' of kind 'DaemonSet' should not mount a host sensitive OS
                                directory '/var/run/docker.sock' with hostPath</span>
                            <span><strong>Found:</strong> Workload name 'docker-bench-security' of kind 'DaemonSet' is
                                mounting a host sensitive OS directory '/var/run/docker.sock' with hostPath</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">90</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">91</span><span class="code">
                                    path: /var/run/docker.sock</span></div>
                            <div class="code-line"><span class="code-line-counter">92</span><span class="code"> type:
                                    Socket</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="LOW">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-purple"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Add Instead of Copy</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Dockerfile</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Build Process</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">Use COPY instead of ADD
                            unless the source is a tar file to be extracted</span><span><a
                                href="https://docs.docker.com/engine/reference/builder/#add" rel="noopener"
                                target="_blank">https://docs.docker.com/engine/reference/builder/#add</a></span></div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-low">1</span>)</summary>
                    <!-- Triage note: this rule only compares ADD with COPY. The flagged line writes secret.txt to
                         /root/secret.txt at build time, and switching to COPY would still store the file in an image
                         layer. If secret.txt holds a real credential (inferred from the file name only, confirm),
                         keep it out of the image: pass it with a BuildKit secret mount
                         (RUN with mount type=secret) or inject it at run time, and rotate any value already pushed. -->
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/hidden-in-layers/Dockerfile</strong>
                            <span>Line 5</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> 'COPY' secret.txt</span>
                            <span><strong>Found:</strong> 'ADD' secret.txt</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">4</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">5</span><span class="code">ADD
                                    secret.txt /root/secret.txt</span></div>
                            <div class="code-line"><span class="code-line-counter">6</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="LOW">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-purple"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Cluster Admin Rolebinding With Superuser
                                Permissions</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Access Control</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">Ensure that the cluster-admin role
                            is only used where required (RBAC)</span><span><a
                                href="https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles"
                                rel="noopener"
                                target="_blank">https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-low">1</span>)</summary>
                    <!-- Triage note: the excerpt shows the roleRef (kind ClusterRole, name cluster-admin) of the
                         ClusterRoleBinding 'superadmin'; the subjects list starts on line 15 and is not shown here.
                         Review which users, groups or service accounts are bound: cluster-admin through a
                         ClusterRoleBinding grants full control over every resource in all namespaces. Where the
                         subject is a workload service account, prefer a namespaced Role and RoleBinding limited to
                         the verbs and resources it needs. -->
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/insecure-rbac/setup.yaml</strong>
                            <span>Line 14</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Resource name 'superadmin'
                                of kind 'ClusterRoleBinding' isn't binding 'cluster-admin' role with superuser
                                permissions</span>
                            <span><strong>Found:</strong> Resource name 'superadmin' of kind 'ClusterRoleBinding' is
                                binding 'cluster-admin' role with superuser permissions</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">13</span><span class="code"> kind:
                                    ClusterRole</span></div>
                            <div class="code-line error"><span class="code-line-counter">14</span><span class="code">
                                    name: cluster-admin</span></div>
                            <div class="code-line"><span class="code-line-counter">15</span><span
                                    class="code">subjects:</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="LOW">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-purple"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Docker Daemon Socket is Exposed to
                                Containers</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Access Control</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">Checks that the Docker daemon socket is not
                            exposed to containers</span><span><a
                                href="https://kubernetes.io/docs/concepts/storage/volumes/" rel="noopener"
                                target="_blank">https://kubernetes.io/docs/concepts/storage/volumes/</a></span></div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-low">3</span>)</summary>
                    <!-- Triage note: all three results are hostPath volumes named docker-sock-volume that point at
                         /var/run/docker.sock. At least the docker-bench-security (line 91) and deployment-kind.yaml
                         (line 32) entries are also reported under the host sensitive OS directory query earlier in
                         this report, so deduplicate before counting open items. LOW is the rule's static rating: a
                         container holding this socket can control the Docker daemon on its node, so rate each entry
                         against the workload's exposure rather than the label alone, and remove the mount wherever
                         the workload does not need the Docker API. -->
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment.yaml</strong>
                            <span>Line 32</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.volumes[docker-sock-volume].hostPath.path is not '/var/run/docker.sock'</span>
                            <span><strong>Found:</strong> spec.volumes[docker-sock-volume].hostPath.path is
                                '/var/run/docker.sock'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">31</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">32</span><span class="code">
                                    path: /var/run/docker.sock</span></div>
                            <div class="code-line"><span class="code-line-counter">33</span><span class="code"> type:
                                    Socket</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 91</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.volumes[docker-sock-volume].hostPath.path is not '/var/run/docker.sock'</span>
                            <span><strong>Found:</strong> spec.volumes[docker-sock-volume].hostPath.path is
                                '/var/run/docker.sock'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">90</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">91</span><span class="code">
                                    path: /var/run/docker.sock</span></div>
                            <div class="code-line"><span class="code-line-counter">92</span><span class="code"> type:
                                    Socket</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment-kind.yaml</strong>
                            <span>Line 32</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.volumes[docker-sock-volume].hostPath.path is not '/var/run/docker.sock'</span>
                            <span><strong>Found:</strong> spec.volumes[docker-sock-volume].hostPath.path is
                                '/var/run/docker.sock'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">31</span><span class="code">
                                    hostPath:</span></div>
                            <div class="code-line error"><span class="code-line-counter">32</span><span class="code">
                                    path: /var/run/docker.sock</span></div>
                            <div class="code-line"><span class="code-line-counter">33</span><span
                                    class="code">---</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="LOW">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-purple"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Healthcheck Instruction Missing</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Dockerfile</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Insecure
                                Configurations</span></span>
                    </div>
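                    <div class="query-details"><span class="query-description-title">Ensure that HEALTHCHECK is being
                            used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is
                            still working. Kubernetes does not run a Dockerfile HEALTHCHECK, so for images that are
                            deployed through the Kubernetes manifests in this scan, liveness and readiness probes in
                            the pod spec are the equivalent control.</span><span><a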
                                href="https://docs.docker.com/engine/reference/builder/#healthcheck" rel="noopener"
                                target="_blank">https://docs.docker.com/engine/reference/builder/#healthcheck</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-low">15</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/k8s-goat-home/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Dockerfile contains
                                instruction 'HEALTHCHECK'</span>
                            <span><strong>Found:</strong> Dockerfile doesn't contain instruction 'HEALTHCHECK'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    alpine as build</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/internal-api/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Dockerfile contains
                                instruction 'HEALTHCHECK'</span>
                            <span><strong>Found:</strong> Dockerfile doesn't contain instruction 'HEALTHCHECK'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    node:alpine</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/helm-tiller/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Dockerfile contains
                                instruction 'HEALTHCHECK'</span>
                            <span><strong>Found:</strong> Dockerfile doesn't contain instruction 'HEALTHCHECK'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    debian:stable</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER "Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/k8s-goat-home/Dockerfile</strong>
                            <span>Line 18</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Dockerfile contains
                                instruction 'HEALTHCHECK'</span>
                            <span><strong>Found:</strong> Dockerfile doesn't contain instruction 'HEALTHCHECK'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">17</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">18</span><span
                                    class="code">FROM nginx:alpine</span></div>
                            <div class="code-line"><span class="code-line-counter">19</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/poor-registry/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Dockerfile contains
                                instruction 'HEALTHCHECK'</span>
                            <span><strong>Found:</strong> Dockerfile doesn't contain instruction 'HEALTHCHECK'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    registry:2</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/hidden-in-layers/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Dockerfile contains
                                instruction 'HEALTHCHECK'</span>
                            <span><strong>Found:</strong> Dockerfile doesn't contain instruction 'HEALTHCHECK'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    alpine:latest</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code"></span>
                            </div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code">LABEL
                                    MAINTAINER "Madhu Akula" INFO="Kubernetes Goat"</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/users-repos/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Dockerfile contains
                                instruction 'HEALTHCHECK'</span>
                            <span><strong>Found:</strong> Dockerfile doesn't contain instruction 'HEALTHCHECK'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    python:alpine</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/system-monitor/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Dockerfile contains
                                instruction 'HEALTHCHECK'</span>
                            <span><strong>Found:</strong> Dockerfile doesn't contain instruction 'HEALTHCHECK'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    ubuntu:18.04</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/info-app/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Dockerfile contains
                                instruction 'HEALTHCHECK'</span>
                            <span><strong>Found:</strong> Dockerfile doesn't contain instruction 'HEALTHCHECK'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    python:alpine</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/metadata-db/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Dockerfile contains
                                instruction 'HEALTHCHECK'</span>
                            <span><strong>Found:</strong> Dockerfile doesn't contain instruction 'HEALTHCHECK'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    golang:alpine</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/batch-check/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Dockerfile contains
                                instruction 'HEALTHCHECK'</span>
                            <span><strong>Found:</strong> Dockerfile doesn't contain instruction 'HEALTHCHECK'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    alpine:latest</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/health-check/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Dockerfile contains
                                instruction 'HEALTHCHECK'</span>
                            <span><strong>Found:</strong> Dockerfile doesn't contain instruction 'HEALTHCHECK'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    golang:buster</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/cache-store/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Dockerfile contains
                                instruction 'HEALTHCHECK'</span>
                            <span><strong>Found:</strong> Dockerfile doesn't contain instruction 'HEALTHCHECK'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    redis:6-alpine</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/build-code/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Dockerfile contains
                                instruction 'HEALTHCHECK'</span>
                            <span><strong>Found:</strong> Dockerfile doesn't contain instruction 'HEALTHCHECK'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    alpine:latest</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/hunger-check/Dockerfile</strong>
                            <span>Line 1</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> Dockerfile contains
                                instruction 'HEALTHCHECK'</span>
                            <span><strong>Found:</strong> Dockerfile doesn't contain instruction 'HEALTHCHECK'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line error"><span class="code-line-counter">1</span><span class="code">FROM
                                    ubuntu:18.04</span></div>
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">LABEL
                                    MAINTAINER="Madhu Akula" INFO="Kubernetes Goat"</span></div>
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="LOW">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-purple"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Multiple RUN, ADD, COPY, Instructions Listed</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Dockerfile</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Best Practices</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">Multiple commands (RUN, COPY, ADD)
                            should be grouped in order to reduce the number of layers.</span><span><a
                                href="https://sysdig.com/blog/dockerfile-best-practices/" rel="noopener"
                                target="_blank">https://sysdig.com/blog/dockerfile-best-practices/</a></span></div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-low">2</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/health-check/Dockerfile</strong>
                            <span>Line 12</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> There isn't any RUN
                                instruction that could be grouped</span>
                            <span><strong>Found:</strong> There are RUN instructions that could be grouped</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">11</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">12</span><span class="code">RUN
                                    apt update && apt install curl wget iputils-ping -y</span></div>
                            <div class="code-line"><span class="code-line-counter">13</span><span class="code">RUN go
                                    build -o /</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: infrastructure/metadata-db/Dockerfile</strong>
                            <span>Line 11</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> There isn't any RUN
                                instruction that could be grouped</span>
                            <span><strong>Found:</strong> There are RUN instructions that could be grouped</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">10</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">11</span><span class="code">RUN
                                    apk add --no-cache curl ca-certificates</span></div>
                            <div class="code-line"><span class="code-line-counter">12</span><span class="code">RUN go
                                    build -o /</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="LOW">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-purple"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">No Drop Capabilities for Containers</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Best Practices</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">Checks that each container's
                            securityContext drops Linux capabilities (securityContext.capabilities.drop), so that the
                            container does not keep privileges it does not need</span><span><a
                                href="https://kubernetes.io/docs/concepts/workloads/pods/init-containers/"
                                rel="noopener"
                                target="_blank">https://kubernetes.io/docs/concepts/workloads/pods/init-containers/</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-low">15</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/cache-store/deployment.yaml</strong>
                            <span>Line 36</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{cache-store-deployment}}.spec.containers.name=cache-store.securityContext
                                is set</span>
                            <span><strong>Found:</strong>
                                metadata.name={{cache-store-deployment}}.spec.containers.name=cache-store.securityContext
                                is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">35</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">36</span><span class="code"> -
                                    name: cache-store</span></div>
                            <div class="code-line"><span class="code-line-counter">37</span><span class="code"> image:
                                    madhuakula/k8s-goat-cache-store</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/hunger-check/deployment.yaml</strong>
                            <span>Line 71</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{hunger-check-deployment}}.spec.containers.name=hunger-check.securityContext
                                is set</span>
                            <span><strong>Found:</strong>
                                metadata.name={{hunger-check-deployment}}.spec.containers.name=hunger-check.securityContext
                                is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">70</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">71</span><span class="code"> -
                                    name: hunger-check</span></div>
                            <div class="code-line"><span class="code-line-counter">72</span><span class="code"> image:
                                    madhuakula/k8s-goat-hunger-check</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- One scan finding: the flagged file and line, the expected and found
                             condition, and a three-line excerpt with the flagged line marked "error".
                             NOTE(review): the excerpt also shows allowPrivilegeEscalation: true on
                             line 38. That is a separate hardening gap from the undefined capabilities
                             field reported here; presumably it is covered by its own query, so
                             confirm it appears elsewhere in the report. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/system-monitor/deployment.yaml</strong>
                            <span>Line 37</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{system-monitor-deployment}}.spec.containers.name={{system-monitor}}.securityContext.capabilities
                                is set</span>
                            <span><strong>Found:</strong>
                                metadata.name={{system-monitor-deployment}}.spec.containers.name={{system-monitor}}.securityContext.capabilities
                                is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">36</span><span class="code"> cpu:
                                    "20m"</span></div>
                            <div class="code-line error"><span class="code-line-counter">37</span><span class="code">
                                    securityContext:</span></div>
                            <div class="code-line"><span class="code-line-counter">38</span><span class="code">
                                    allowPrivilegeEscalation: true</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/build-code/deployment.yaml</strong>
                            <span>Line 15</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{build-code-deployment}}.spec.containers.name=build-code.securityContext
                                is set</span>
                            <span><strong>Found:</strong>
                                metadata.name={{build-code-deployment}}.spec.containers.name=build-code.securityContext
                                is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">14</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">15</span><span class="code"> -
                                    name: build-code</span></div>
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code"> image:
                                    madhuakula/k8s-goat-build-code</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/internal-proxy/deployment.yaml</strong>
                            <span>Line 28</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{internal-proxy-deployment}}.spec.containers.name=info-app.securityContext
                                is set</span>
                            <span><strong>Found:</strong>
                                metadata.name={{internal-proxy-deployment}}.spec.containers.name=info-app.securityContext
                                is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">27</span><span class="code"> -
                                    containerPort: 3000</span></div>
                            <div class="code-line error"><span class="code-line-counter">28</span><span class="code"> -
                                    name: info-app</span></div>
                            <div class="code-line"><span class="code-line-counter">29</span><span class="code"> image:
                                    madhuakula/k8s-goat-info-app</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kubernetes-goat-home/deployment.yaml</strong>
                            <span>Line 15</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{kubernetes-goat-home-deployment}}.spec.containers.name=kubernetes-goat-home.securityContext
                                is set</span>
                            <span><strong>Found:</strong>
                                metadata.name={{kubernetes-goat-home-deployment}}.spec.containers.name=kubernetes-goat-home.securityContext
                                is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">14</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">15</span><span class="code"> -
                                    name: kubernetes-goat-home</span></div>
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code"> image:
                                    madhuakula/k8s-goat-home</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/internal-proxy/deployment.yaml</strong>
                            <span>Line 17</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{internal-proxy-deployment}}.spec.containers.name=internal-api.securityContext
                                is set</span>
                            <span><strong>Found:</strong>
                                metadata.name={{internal-proxy-deployment}}.spec.containers.name=internal-api.securityContext
                                is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">17</span><span class="code"> -
                                    name: internal-api</span></div>
                            <div class="code-line"><span class="code-line-counter">18</span><span class="code"> image:
                                    madhuakula/k8s-goat-internal-api</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/poor-registry/deployment.yaml</strong>
                            <span>Line 15</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{poor-registry-deployment}}.spec.containers.name=poor-registry.securityContext
                                is set</span>
                            <span><strong>Found:</strong>
                                metadata.name={{poor-registry-deployment}}.spec.containers.name=poor-registry.securityContext
                                is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">14</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">15</span><span class="code"> -
                                    name: poor-registry</span></div>
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code"> image:
                                    madhuakula/k8s-goat-poor-registry</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/batch-check/job.yaml</strong>
                            <span>Line 11</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{batch-check-job}}.spec.containers.name=batch-check.securityContext is
                                set</span>
                            <span><strong>Found:</strong>
                                metadata.name={{batch-check-job}}.spec.containers.name=batch-check.securityContext is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">10</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">11</span><span class="code"> -
                                    name: batch-check</span></div>
                            <div class="code-line"><span class="code-line-counter">12</span><span class="code"> image:
                                    madhuakula/k8s-goat-batch-check</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/node-job.yaml</strong>
                            <span>Line 11</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{kube-bench-node}}.spec.containers.name=kube-bench.securityContext is
                                set</span>
                            <span><strong>Found:</strong>
                                metadata.name={{kube-bench-node}}.spec.containers.name=kube-bench.securityContext is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">10</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">11</span><span class="code"> -
                                    name: kube-bench</span></div>
                            <div class="code-line"><span class="code-line-counter">12</span><span class="code"> image:
                                    aquasec/kube-bench:latest</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/hidden-in-layers/deployment.yaml</strong>
                            <span>Line 11</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{hidden-in-layers}}.spec.containers.name=hidden-in-layers.securityContext
                                is set</span>
                            <span><strong>Found:</strong>
                                metadata.name={{hidden-in-layers}}.spec.containers.name=hidden-in-layers.securityContext
                                is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">10</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">11</span><span class="code"> -
                                    name: hidden-in-layers</span></div>
                            <div class="code-line"><span class="code-line-counter">12</span><span class="code"> image:
                                    madhuakula/k8s-goat-hidden-in-layers</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- One scan finding: the flagged file and line, the expected and found
                             condition, and a three-line excerpt with the flagged line marked "error".
                             NOTE(review): the excerpt shows privileged: true on line 25, directly
                             under the flagged securityContext. Defining capabilities alone is
                             unlikely to reduce this container's privileges while privileged stays
                             true; confirm against the full manifest and the container runtime. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment-kind.yaml</strong>
                            <span>Line 24</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{health-check-deployment}}.spec.containers.name={{health-check}}.securityContext.capabilities
                                is set</span>
                            <span><strong>Found:</strong>
                                metadata.name={{health-check-deployment}}.spec.containers.name={{health-check}}.securityContext.capabilities
                                is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">23</span><span class="code"> # Custom
                                    Stuff</span></div>
                            <div class="code-line error"><span class="code-line-counter">24</span><span class="code">
                                    securityContext:</span></div>
                            <div class="code-line"><span class="code-line-counter">25</span><span class="code">
                                    privileged: true</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- One scan finding: the flagged file and line, the expected and found
                             condition, and a three-line excerpt with the flagged line marked "error".
                             NOTE(review): the excerpt shows privileged: true on line 45 next to an
                             added capability on line 47. Adding capabilities.drop alone is unlikely
                             to reduce this container's privileges while privileged stays true;
                             confirm against the full manifest and the container runtime in use. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 46</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.containers[docker-bench].securityContext.capabilities.drop is Defined</span>
                            <span><strong>Found:</strong>
                                spec.containers[docker-bench].securityContext.capabilities.drop is not Defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">45</span><span class="code">
                                    privileged: true</span></div>
                            <div class="code-line error"><span class="code-line-counter">46</span><span class="code">
                                    capabilities:</span></div>
                            <div class="code-line"><span class="code-line-counter">47</span><span class="code"> add:
                                    ["AUDIT_CONTROL"]</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/master-job.yaml</strong>
                            <span>Line 17</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{kube-bench-master}}.spec.containers.name=kube-bench.securityContext is
                                set</span>
                            <span><strong>Found:</strong>
                                metadata.name={{kube-bench-master}}.spec.containers.name=kube-bench.securityContext is
                                undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">17</span><span class="code"> -
                                    name: kube-bench</span></div>
                            <div class="code-line"><span class="code-line-counter">18</span><span class="code"> image:
                                    aquasec/kube-bench:latest</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <!-- One scan finding: the flagged file and line, the expected and found
                             condition, and a three-line excerpt with the flagged line marked "error".
                             NOTE(review): the excerpt shows privileged: true on line 25, directly
                             under the flagged securityContext. Defining capabilities alone is
                             unlikely to reduce this container's privileges while privileged stays
                             true; confirm against the full manifest and the container runtime. -->
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment.yaml</strong>
                            <span>Line 24</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{health-check-deployment}}.spec.containers.name={{health-check}}.securityContext.capabilities
                                is set</span>
                            <span><strong>Found:</strong>
                                metadata.name={{health-check-deployment}}.spec.containers.name={{health-check}}.securityContext.capabilities
                                is undefined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">23</span><span class="code"> # Custom
                                    Stuff</span></div>
                            <div class="code-line error"><span class="code-line-counter">24</span><span class="code">
                                    securityContext:</span></div>
                            <div class="code-line"><span class="code-line-counter">25</span><span class="code">
                                    privileged: true</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="LOW">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-purple"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Permissive Access to Create Pods</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Access Control</span></span>
                    </div>
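                    <div class="query-details"><span class="query-description-title">The permission to create pods in a
                            cluster should be restricted because it allows privilege escalation: a subject that can
                            create pods in a namespace can run them under any service account in that namespace and
                            mount any of its secrets.</span><span><a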
                                href="https://kubernetes.io/docs/reference/access-authn-authz/rbac/#privilege-escalation-prevention-and-bootstrapping"
                                rel="noopener"
                                target="_blank">https://kubernetes.io/docs/reference/access-authn-authz/rbac/#privilege-escalation-prevention-and-bootstrapping</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-low">1</span>)</summary>
                    <!-- Collapsible list of the findings for this query; the count in the summary
                         matches the single finding below.
                         NOTE(review): the excerpt shows verbs ["*"] on line 8 together with
                         resources ["*"] on line 7, which covers far more than pod creation.
                         The apiGroups of the rule and any binding of the role are not shown here;
                         confirm both before accepting the low-severity count for triage. -->
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/helm-tiller/pwnchart/templates/clusterrole.yaml</strong>
                            <span>Line 8</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name=all-your-base.rules.verbs should not contain a wildcard value when
                                metadata.name=all-your-base.rules.resources contains a wildcard value</span>
                            <span><strong>Found:</strong> metadata.name=all-your-base.rules.verbs contains a wildcard
                                value and metadata.name=all-your-base.rules.resources contains a wildcard value</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">7</span><span class="code">
                                    resources: ["*"]</span></div>
                            <div class="code-line error"><span class="code-line-counter">8</span><span class="code">
                                    verbs: ["*"]</span></div>
                            <div class="code-line"><span class="code-line-counter">9</span><span class="code"></span>
                            </div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="LOW">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-purple"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Pod or Container Without LimitRange</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Insecure
                                Configurations</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">Pod or Container should have a
                            LimitRange associated, so that default and maximum CPU and memory values are enforced
                            in its namespace.</span><span><a
                                href="https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/cpu-constraint-namespace/#create-a-limitrange-and-a-pod"
                                rel="noopener"
                                target="_blank">https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/cpu-constraint-namespace/#create-a-limitrange-and-a-pod</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-low">14</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/hidden-in-layers/deployment.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{hidden-in-layers}} has a 'LimitRange' associated</span>
                            <span><strong>Found:</strong> metadata.name={{hidden-in-layers}} does not have a
                                'LimitRange' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: hidden-in-layers</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/poor-registry/deployment.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{poor-registry-deployment}} has a 'LimitRange' associated</span>
                            <span><strong>Found:</strong> metadata.name={{poor-registry-deployment}} does not have a
                                'LimitRange' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: poor-registry-deployment</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/node-job.yaml</strong>
                            <span>Line 5</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{kube-bench-node}} has a 'LimitRange' associated</span>
                            <span><strong>Found:</strong> metadata.name={{kube-bench-node}} does not have a 'LimitRange'
                                associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">4</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">5</span><span class="code">
                                    name: kube-bench-node</span></div>
                            <div class="code-line"><span class="code-line-counter">6</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{health-check-deployment}} has a 'LimitRange' associated</span>
                            <span><strong>Found:</strong> metadata.name={{health-check-deployment}} does not have a
                                'LimitRange' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: health-check-deployment</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment-kind.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{health-check-deployment}} has a 'LimitRange' associated</span>
                            <span><strong>Found:</strong> metadata.name={{health-check-deployment}} does not have a
                                'LimitRange' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: health-check-deployment</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/internal-proxy/deployment.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{internal-proxy-deployment}} has a 'LimitRange' associated</span>
                            <span><strong>Found:</strong> metadata.name={{internal-proxy-deployment}} does not have a
                                'LimitRange' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: internal-proxy-deployment</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span class="code">
                                    labels:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/build-code/deployment.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{build-code-deployment}} has a 'LimitRange' associated</span>
                            <span><strong>Found:</strong> metadata.name={{build-code-deployment}} does not have a
                                'LimitRange' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: build-code-deployment</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/system-monitor/deployment.yaml</strong>
                            <span>Line 13</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{system-monitor-deployment}} has a 'LimitRange' associated</span>
                            <span><strong>Found:</strong> metadata.name={{system-monitor-deployment}} does not have a
                                'LimitRange' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">12</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">13</span><span class="code">
                                    name: system-monitor-deployment</span></div>
                            <div class="code-line"><span class="code-line-counter">14</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kubernetes-goat-home/deployment.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{kubernetes-goat-home-deployment}} has a 'LimitRange' associated</span>
                            <span><strong>Found:</strong> metadata.name={{kubernetes-goat-home-deployment}} does not
                                have a 'LimitRange' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: kubernetes-goat-home-deployment</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/master-job.yaml</strong>
                            <span>Line 5</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{kube-bench-master}} has a 'LimitRange' associated</span>
                            <span><strong>Found:</strong> metadata.name={{kube-bench-master}} does not have a
                                'LimitRange' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">4</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">5</span><span class="code">
                                    name: kube-bench-master</span></div>
                            <div class="code-line"><span class="code-line-counter">6</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <!--
                      Result for scenarios/hunger-check/deployment.yaml. The highlighted
                      line (59) is the `namespace: big-monolith` field, not the name on
                      line 58. LimitRange is a namespace-scoped object, so one would have
                      to exist in big-monolith for this result to clear.
                      NOTE(review): the other results in this excerpt highlight the name
                      line; presumably the scanner points at the namespace field when the
                      manifest sets one. Confirm against the query.
                    -->
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/hunger-check/deployment.yaml</strong>
                            <span>Line 59</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{hunger-check-deployment}} has a 'LimitRange' associated</span>
                            <span><strong>Found:</strong> metadata.name={{hunger-check-deployment}} does not have a
                                'LimitRange' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">58</span><span class="code"> name:
                                    hunger-check-deployment</span></div>
                            <div class="code-line error"><span class="code-line-counter">59</span><span class="code">
                                    namespace: big-monolith</span></div>
                            <div class="code-line"><span class="code-line-counter">60</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <!--
                      Result for scenarios/cache-store/deployment.yaml. The highlighted
                      line (22) is `namespace: secure-middleware`; the name follows on
                      line 23. LimitRange is a namespace-scoped object, so one would have
                      to exist in secure-middleware for this result to clear.
                    -->
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/cache-store/deployment.yaml</strong>
                            <span>Line 22</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{cache-store-deployment}} has a 'LimitRange' associated</span>
                            <span><strong>Found:</strong> metadata.name={{cache-store-deployment}} does not have a
                                'LimitRange' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">21</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">22</span><span class="code">
                                    namespace: secure-middleware</span></div>
                            <div class="code-line"><span class="code-line-counter">23</span><span class="code"> name:
                                    cache-store-deployment</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 15</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{docker-bench-security}} has a 'LimitRange' associated</span>
                            <span><strong>Found:</strong> metadata.name={{docker-bench-security}} does not have a
                                'LimitRange' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">14</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">15</span><span class="code">
                                    name: docker-bench-security</span></div>
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code">
                                    labels:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/batch-check/job.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{batch-check-job}} has a 'LimitRange' associated</span>
                            <span><strong>Found:</strong> metadata.name={{batch-check-job}} does not have a 'LimitRange'
                                associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: batch-check-job</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="LOW">
            <hr class="separator">
            <div class="query">
                <!--
                  Query header for the KICS check "Pod or Container Without
                  ResourceQuota" (platform Kubernetes, category Insecure
                  Configurations). The results listed under it are reported per
                  workload manifest, at the metadata name or namespace line.
                  Triage note: a ResourceQuota is a namespace-scoped object that caps
                  aggregate resource consumption in its namespace, so the remedy is
                  one quota per namespace rather than an edit to each listed
                  workload.
                  NOTE(review): a static scan presumably sees only the manifests in
                  the scanned path; a quota applied from another source would not be
                  visible to it. Confirm against the cluster before counting every
                  result as a gap.
                -->
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-purple"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Pod or Container Without ResourceQuota</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Insecure
                                Configurations</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">Pod or Container should have a
                            ResourceQuota associated</span><span><a
                                href="https://kubernetes.io/docs/concepts/policy/resource-quotas/" rel="noopener"
                                target="_blank">https://kubernetes.io/docs/concepts/policy/resource-quotas/</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-low">14</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/poor-registry/deployment.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{poor-registry-deployment}} has a 'ResourceQuota' associated</span>
                            <span><strong>Found:</strong> metadata.name={{poor-registry-deployment}} does not have a
                                'ResourceQuota' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: poor-registry-deployment</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/docker-bench-security/deployment.yaml</strong>
                            <span>Line 15</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{docker-bench-security}} has a 'ResourceQuota' associated</span>
                            <span><strong>Found:</strong> metadata.name={{docker-bench-security}} does not have a
                                'ResourceQuota' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">14</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">15</span><span class="code">
                                    name: docker-bench-security</span></div>
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code">
                                    labels:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/batch-check/job.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{batch-check-job}} has a 'ResourceQuota' associated</span>
                            <span><strong>Found:</strong> metadata.name={{batch-check-job}} does not have a
                                'ResourceQuota' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: batch-check-job</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kubernetes-goat-home/deployment.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{kubernetes-goat-home-deployment}} has a 'ResourceQuota'
                                associated</span>
                            <span><strong>Found:</strong> metadata.name={{kubernetes-goat-home-deployment}} does not
                                have a 'ResourceQuota' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: kubernetes-goat-home-deployment</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <!--
                      Result for scenarios/cache-store/deployment.yaml. The highlighted
                      line (22) is `namespace: secure-middleware`; the name follows on
                      line 23. ResourceQuota is a namespace-scoped object, so one would
                      have to exist in secure-middleware for this result to clear.
                    -->
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/cache-store/deployment.yaml</strong>
                            <span>Line 22</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{cache-store-deployment}} has a 'ResourceQuota' associated</span>
                            <span><strong>Found:</strong> metadata.name={{cache-store-deployment}} does not have a
                                'ResourceQuota' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">21</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">22</span><span class="code">
                                    namespace: secure-middleware</span></div>
                            <div class="code-line"><span class="code-line-counter">23</span><span class="code"> name:
                                    cache-store-deployment</span></div>
                        </div>
                    </div>
                    <!--
                      Result for scenarios/health-check/deployment-kind.yaml. The same
                      metadata.name (health-check-deployment) is reported again further
                      down this list for scenarios/health-check/deployment.yaml. The two
                      results come from different files, so neither is a duplicate entry
                      when triaging.
                    -->
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment-kind.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{health-check-deployment}} has a 'ResourceQuota' associated</span>
                            <span><strong>Found:</strong> metadata.name={{health-check-deployment}} does not have a
                                'ResourceQuota' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: health-check-deployment</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/build-code/deployment.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{build-code-deployment}} has a 'ResourceQuota' associated</span>
                            <span><strong>Found:</strong> metadata.name={{build-code-deployment}} does not have a
                                'ResourceQuota' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: build-code-deployment</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/system-monitor/deployment.yaml</strong>
                            <span>Line 13</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{system-monitor-deployment}} has a 'ResourceQuota' associated</span>
                            <span><strong>Found:</strong> metadata.name={{system-monitor-deployment}} does not have a
                                'ResourceQuota' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">12</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">13</span><span class="code">
                                    name: system-monitor-deployment</span></div>
                            <div class="code-line"><span class="code-line-counter">14</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/node-job.yaml</strong>
                            <span>Line 5</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{kube-bench-node}} has a 'ResourceQuota' associated</span>
                            <span><strong>Found:</strong> metadata.name={{kube-bench-node}} does not have a
                                'ResourceQuota' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">4</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">5</span><span class="code">
                                    name: kube-bench-node</span></div>
                            <div class="code-line"><span class="code-line-counter">6</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{health-check-deployment}} has a 'ResourceQuota' associated</span>
                            <span><strong>Found:</strong> metadata.name={{health-check-deployment}} does not have a
                                'ResourceQuota' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: health-check-deployment</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <!--
                      Result for scenarios/hunger-check/deployment.yaml. The highlighted
                      line (59) is the `namespace: big-monolith` field, not the name on
                      line 58. ResourceQuota is a namespace-scoped object, so one would
                      have to exist in big-monolith for this result to clear.
                      NOTE(review): most other results in this list highlight the name
                      line; presumably the scanner points at the namespace field when the
                      manifest sets one. Confirm against the query.
                    -->
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/hunger-check/deployment.yaml</strong>
                            <span>Line 59</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{hunger-check-deployment}} has a 'ResourceQuota' associated</span>
                            <span><strong>Found:</strong> metadata.name={{hunger-check-deployment}} does not have a
                                'ResourceQuota' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">58</span><span class="code"> name:
                                    hunger-check-deployment</span></div>
                            <div class="code-line error"><span class="code-line-counter">59</span><span class="code">
                                    namespace: big-monolith</span></div>
                            <div class="code-line"><span class="code-line-counter">60</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/master-job.yaml</strong>
                            <span>Line 5</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{kube-bench-master}} has a 'ResourceQuota' associated</span>
                            <span><strong>Found:</strong> metadata.name={{kube-bench-master}} does not have a
                                'ResourceQuota' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">4</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">5</span><span class="code">
                                    name: kube-bench-master</span></div>
                            <div class="code-line"><span class="code-line-counter">6</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/internal-proxy/deployment.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{internal-proxy-deployment}} has a 'ResourceQuota' associated</span>
                            <span><strong>Found:</strong> metadata.name={{internal-proxy-deployment}} does not have a
                                'ResourceQuota' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: internal-proxy-deployment</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span class="code">
                                    labels:</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/hidden-in-layers/deployment.yaml</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{hidden-in-layers}} has a 'ResourceQuota' associated</span>
                            <span><strong>Found:</strong> metadata.name={{hidden-in-layers}} does not have a
                                'ResourceQuota' associated</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">
                                    name: hidden-in-layers</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span
                                    class="code">spec:</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="LOW">
            <!-- Report section for the LOW-severity query "Pod or Container Without Security Context":
                 a header (name, platform, category, description, reference link) followed by a collapsible
                 list of 11 results, each giving file, line, expected/found text and a 3-line excerpt. -->
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-purple"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Pod or Container Without Security Context</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Insecure
                                Configurations</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">A security context defines
                            privilege and access control settings for a Pod or Container</span><span><a
                                href="https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
                                rel="noopener"
                                target="_blank">https://kubernetes.io/docs/tasks/configure-pod-container/security-context/</a></span>
                    </div>
                </div>
                <!-- NOTE(review): every result below is a container entry with no securityContext of its own, so
                     nothing at container level overrides the image's user or the runtime's default privileges.
                     A pod-level securityContext could still apply; the excerpts do not show one either way.
                     The usual hardening is an explicit container securityContext (runAsNonRoot: true,
                     allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, capabilities.drop: ["ALL"],
                     seccompProfile.type: RuntimeDefault), enforced per namespace with Pod Security Admission
                     rather than manifest by manifest. The tool rates this LOW; the real weight depends on what
                     user each image runs as, which this report does not show. -->
                <details>
                    <summary>Results (<span class="severity-partial-count-low">11</span>)</summary>
                    <!-- NOTE(review): the madhuakula/k8s-goat-* image names suggest the scanned manifests come
                         from Kubernetes Goat, a deliberately vulnerable training environment, where findings
                         like these are expected. Confirm the scan target before triaging. -->
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/build-code/deployment.yaml</strong>
                            <span>Line 15</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=build-code has a security context</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=build-code does not have a
                                security context</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">14</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">15</span><span class="code"> -
                                    name: build-code</span></div>
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code"> image:
                                    madhuakula/k8s-goat-build-code</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/hunger-check/deployment.yaml</strong>
                            <span>Line 71</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=hunger-check has a security context</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=hunger-check does not have
                                a security context</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">70</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">71</span><span class="code"> -
                                    name: hunger-check</span></div>
                            <div class="code-line"><span class="code-line-counter">72</span><span class="code"> image:
                                    madhuakula/k8s-goat-hunger-check</span></div>
                        </div>
                    </div>
                    <!-- NOTE(review): besides the missing securityContext, the excerpt shows the kube-bench image
                         referenced by the mutable :latest tag; pinning a version or digest is a separate
                         hardening item that this query does not cover. -->
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/node-job.yaml</strong>
                            <span>Line 11</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=kube-bench has a security context</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=kube-bench does not have a
                                security context</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">10</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">11</span><span class="code"> -
                                    name: kube-bench</span></div>
                            <div class="code-line"><span class="code-line-counter">12</span><span class="code"> image:
                                    aquasec/kube-bench:latest</span></div>
                        </div>
                    </div>
                    <!-- NOTE(review): scenarios/internal-proxy/deployment.yaml is reported twice (lines 17 and 28),
                         once per container (internal-api, info-app). Each container needs its own
                         securityContext; fixing one entry does not clear the other. -->
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/internal-proxy/deployment.yaml</strong>
                            <span>Line 17</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=internal-api has a security context</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=internal-api does not have
                                a security context</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">17</span><span class="code"> -
                                    name: internal-api</span></div>
                            <div class="code-line"><span class="code-line-counter">18</span><span class="code"> image:
                                    madhuakula/k8s-goat-internal-api</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/internal-proxy/deployment.yaml</strong>
                            <span>Line 28</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=info-app has a security context</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=info-app does not have a
                                security context</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">27</span><span class="code"> -
                                    containerPort: 3000</span></div>
                            <div class="code-line error"><span class="code-line-counter">28</span><span class="code"> -
                                    name: info-app</span></div>
                            <div class="code-line"><span class="code-line-counter">29</span><span class="code"> image:
                                    madhuakula/k8s-goat-info-app</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kubernetes-goat-home/deployment.yaml</strong>
                            <span>Line 15</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=kubernetes-goat-home has a security context</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=kubernetes-goat-home does
                                not have a security context</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">14</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">15</span><span class="code"> -
                                    name: kubernetes-goat-home</span></div>
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code"> image:
                                    madhuakula/k8s-goat-home</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/batch-check/job.yaml</strong>
                            <span>Line 11</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=batch-check has a security context</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=batch-check does not have a
                                security context</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">10</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">11</span><span class="code"> -
                                    name: batch-check</span></div>
                            <div class="code-line"><span class="code-line-counter">12</span><span class="code"> image:
                                    madhuakula/k8s-goat-batch-check</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/hidden-in-layers/deployment.yaml</strong>
                            <span>Line 11</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=hidden-in-layers has a security context</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=hidden-in-layers does not
                                have a security context</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">10</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">11</span><span class="code"> -
                                    name: hidden-in-layers</span></div>
                            <div class="code-line"><span class="code-line-counter">12</span><span class="code"> image:
                                    madhuakula/k8s-goat-hidden-in-layers</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kube-bench-security/master-job.yaml</strong>
                            <span>Line 17</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=kube-bench has a security context</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=kube-bench does not have a
                                security context</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">17</span><span class="code"> -
                                    name: kube-bench</span></div>
                            <div class="code-line"><span class="code-line-counter">18</span><span class="code"> image:
                                    aquasec/kube-bench:latest</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/poor-registry/deployment.yaml</strong>
                            <span>Line 15</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=poor-registry has a security context</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=poor-registry does not have
                                a security context</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">14</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">15</span><span class="code"> -
                                    name: poor-registry</span></div>
                            <div class="code-line"><span class="code-line-counter">16</span><span class="code"> image:
                                    madhuakula/k8s-goat-poor-registry</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/cache-store/deployment.yaml</strong>
                            <span>Line 36</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                spec.template.spec.containers.name=cache-store has a security context</span>
                            <span><strong>Found:</strong> spec.template.spec.containers.name=cache-store does not have a
                                security context</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">35</span><span class="code">
                                    containers:</span></div>
                            <div class="code-line error"><span class="code-line-counter">36</span><span class="code"> -
                                    name: cache-store</span></div>
                            <div class="code-line"><span class="code-line-counter">37</span><span class="code"> image:
                                    madhuakula/k8s-goat-cache-store</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="LOW">
            <!-- Report section for the LOW-severity query "RBAC Wildcard In Rule": a header (name, platform,
                 category, description, reference link) followed by a collapsible list of 4 results. -->
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-purple"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">RBAC Wildcard In Rule</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Access Control</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">Kubernetes Roles and ClusterRoles
                            should not use wildcards in rules (objects or actions)</span><span><a
                                href="https://kubernetes.io/docs/reference/access-authn-authz/rbac/" rel="noopener"
                                target="_blank">https://kubernetes.io/docs/reference/access-authn-authz/rbac/</a></span>
                    </div>
                </div>
                <!-- NOTE(review): three of the four results point at the same rule, rules[0] of all-your-base
                     in clusterrole.yaml line 5, reported once each for resources, verbs and apiGroups. A rule
                     with '*' in all three fields allows every verb on every resource in every API group; if the
                     object is a ClusterRole (the file name suggests so) and it is bound cluster-wide, that is
                     equivalent to cluster-admin. The tool labels the query LOW; triage on the scope of the
                     binding rather than on that label. The fix is to enumerate the apiGroups, resources and
                     verbs the workload actually needs. -->
                <details>
                    <summary>Results (<span class="severity-partial-count-low">4</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/helm-tiller/pwnchart/templates/clusterrole.yaml</strong>
                            <span>Line 5</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{all-your-base}}.rules[0].resources shouldn't contain value: '*'</span>
                            <span><strong>Found:</strong> metadata.name={{all-your-base}}.rules[0].resources contains
                                value: '*'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">4</span><span class="code"> name:
                                    all-your-base</span></div>
                            <div class="code-line error"><span class="code-line-counter">5</span><span
                                    class="code">rules:</span></div>
                            <div class="code-line"><span class="code-line-counter">6</span><span class="code"> -
                                    apiGroups: ["*"]</span></div>
                        </div>
                    </div>
                    <!-- NOTE(review): the excerpt for this result shows only apiGroups [""] (the core group); the
                         wildcard being reported is in rules[0].resources, which lies below the excerpt. A core
                         group rule with resources '*' covers secrets along with every other core resource.
                         Which verbs the rule allows is not visible here. -->
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/hunger-check/deployment.yaml</strong>
                            <span>Line 12</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{secret-reader}}.rules[0].resources shouldn't contain value: '*'</span>
                            <span><strong>Found:</strong> metadata.name={{secret-reader}}.rules[0].resources contains
                                value: '*'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">11</span><span class="code"> name:
                                    secret-reader</span></div>
                            <div class="code-line error"><span class="code-line-counter">12</span><span
                                    class="code">rules:</span></div>
                            <div class="code-line"><span class="code-line-counter">13</span><span class="code">-
                                    apiGroups: [""] # "" indicates the core API group</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/helm-tiller/pwnchart/templates/clusterrole.yaml</strong>
                            <span>Line 5</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{all-your-base}}.rules[0].verbs shouldn't contain value: '*'</span>
                            <span><strong>Found:</strong> metadata.name={{all-your-base}}.rules[0].verbs contains value:
                                '*'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">4</span><span class="code"> name:
                                    all-your-base</span></div>
                            <div class="code-line error"><span class="code-line-counter">5</span><span
                                    class="code">rules:</span></div>
                            <div class="code-line"><span class="code-line-counter">6</span><span class="code"> -
                                    apiGroups: ["*"]</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/helm-tiller/pwnchart/templates/clusterrole.yaml</strong>
                            <span>Line 5</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{all-your-base}}.rules[0].apiGroups shouldn't contain value: '*'</span>
                            <span><strong>Found:</strong> metadata.name={{all-your-base}}.rules[0].apiGroups contains
                                value: '*'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">4</span><span class="code"> name:
                                    all-your-base</span></div>
                            <div class="code-line error"><span class="code-line-counter">5</span><span
                                    class="code">rules:</span></div>
                            <div class="code-line"><span class="code-line-counter">6</span><span class="code"> -
                                    apiGroups: ["*"]</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="LOW">
            <!-- Report section for the LOW-severity query "Secrets As Environment Variables": a header (name,
                 platform, category, description, reference link) followed by a collapsible list of 1 result. -->
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-purple"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Secrets As Environment Variables</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Secret
                                Management</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">Container should not use secrets as
                            environment variables</span><span><a
                                href="https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-environment-variables"
                                rel="noopener"
                                target="_blank">https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-environment-variables</a></span>
                    </div>
                </div>
                <!-- NOTE(review): the result below is an env entry (K8S_GOAT_VAULT_KEY) populated through
                     valueFrom.secretKeyRef, which places the secret value in the container's environment.
                     Environment variables are inherited by child processes, tend to surface in crash dumps and
                     diagnostic output, and are readable by anyone allowed to exec into the container. Mounting
                     the Secret as a read-only volume file, or fetching it from an external secret manager at
                     run time, narrows that exposure. It does not replace RBAC limits on who may read the Secret
                     object or encryption of Secrets at rest. -->
                <details>
                    <summary>Results (<span class="severity-partial-count-low">1</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/system-monitor/deployment.yaml</strong>
                            <span>Line 48</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                'spec.template.spec.containers.name={{system-monitor}}.env.name={{K8S_GOAT_VAULT_KEY}}.valueFrom.secretKeyRef'
                                is undefined</span>
                            <span><strong>Found:</strong>
                                'spec.template.spec.containers.name={{system-monitor}}.env.name={{K8S_GOAT_VAULT_KEY}}.valueFrom.secretKeyRef'
                                is defined</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">47</span><span class="code">
                                    valueFrom:</span></div>
                            <div class="code-line error"><span class="code-line-counter">48</span><span class="code">
                                    secretKeyRef:</span></div>
                            <div class="code-line"><span class="code-line-counter">49</span><span class="code"> name:
                                    goatvault</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="LOW">
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-purple"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Service Does Not Target Pod</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Insecure
                                Configurations</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">Service should Target a
                            Pod</span><span><a href="https://kubernetes.io/docs/concepts/services-networking/service/"
                                rel="noopener"
                                target="_blank">https://kubernetes.io/docs/concepts/services-networking/service/</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-low">8</span>)</summary>
                    <!-- Triage note: each result below reports a Service whose spec.selector label matches
                         no Pod label. The first seven highlight the Service's "selector:" line; the eighth
                         highlights "metadata:" in a Helm template. health-check-service is reported twice,
                         once for deployment-kind.yaml and once for deployment.yaml. Only the Service side is
                         quoted here, so compare each selector with the Pod template labels in the same
                         manifest before treating a result as a misconfiguration. -->
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/kubernetes-goat-home/deployment.yaml</strong>
                            <span>Line 33</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{kubernetes-goat-home-service}}.spec.selector label refers to a Pod
                                label</span>
                            <span><strong>Found:</strong> metadata.name={{kubernetes-goat-home-service}}.spec.selector
                                label does not match with any Pod label</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">32</span><span class="code">
                                    targetPort: 80</span></div>
                            <div class="code-line error"><span class="code-line-counter">33</span><span class="code">
                                    selector:</span></div>
                            <div class="code-line"><span class="code-line-counter">34</span><span class="code"> app:
                                    kubernetes-goat-home</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment-kind.yaml</strong>
                            <span>Line 43</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{health-check-service}}.spec.selector label refers to a Pod label</span>
                            <span><strong>Found:</strong> metadata.name={{health-check-service}}.spec.selector label
                                does not match with any Pod label</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">42</span><span class="code">
                                    targetPort: 80</span></div>
                            <div class="code-line error"><span class="code-line-counter">43</span><span class="code">
                                    selector:</span></div>
                            <div class="code-line"><span class="code-line-counter">44</span><span class="code"> app:
                                    health-check</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/system-monitor/deployment.yaml</strong>
                            <span>Line 61</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{system-monitor-service}}.spec.selector label refers to a Pod
                                label</span>
                            <span><strong>Found:</strong> metadata.name={{system-monitor-service}}.spec.selector label
                                does not match with any Pod label</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">60</span><span class="code">
                                    targetPort: 8080</span></div>
                            <div class="code-line error"><span class="code-line-counter">61</span><span class="code">
                                    selector:</span></div>
                            <div class="code-line"><span class="code-line-counter">62</span><span class="code"> app:
                                    system-monitor</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File: scenarios/build-code/deployment.yaml</strong>
                            <span>Line 33</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{build-code-service}}.spec.selector label refers to a Pod label</span>
                            <span><strong>Found:</strong> metadata.name={{build-code-service}}.spec.selector label does
                                not match with any Pod label</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">32</span><span class="code">
                                    targetPort: 3000</span></div>
                            <div class="code-line error"><span class="code-line-counter">33</span><span class="code">
                                    selector:</span></div>
                            <div class="code-line"><span class="code-line-counter">34</span><span class="code"> app:
                                    build-code</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/hunger-check/deployment.yaml</strong>
                            <span>Line 93</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{hunger-check-service}}.spec.selector label refers to a Pod label</span>
                            <span><strong>Found:</strong> metadata.name={{hunger-check-service}}.spec.selector label
                                does not match with any Pod label</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">92</span><span class="code">
                                    targetPort: 8080</span></div>
                            <div class="code-line error"><span class="code-line-counter">93</span><span class="code">
                                    selector:</span></div>
                            <div class="code-line"><span class="code-line-counter">94</span><span class="code"> app:
                                    hunger-check</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/poor-registry/deployment.yaml</strong>
                            <span>Line 33</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{poor-registry-service}}.spec.selector label refers to a Pod label</span>
                            <span><strong>Found:</strong> metadata.name={{poor-registry-service}}.spec.selector label
                                does not match with any Pod label</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">32</span><span class="code">
                                    targetPort: 5000</span></div>
                            <div class="code-line error"><span class="code-line-counter">33</span><span class="code">
                                    selector:</span></div>
                            <div class="code-line"><span class="code-line-counter">34</span><span class="code"> app:
                                    poor-registry</span></div>
                        </div>
                    </div>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/health-check/deployment.yaml</strong>
                            <span>Line 44</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{health-check-service}}.spec.selector label refers to a Pod label</span>
                            <span><strong>Found:</strong> metadata.name={{health-check-service}}.spec.selector label
                                does not match with any Pod label</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">43</span><span class="code">
                                    targetPort: 80</span></div>
                            <div class="code-line error"><span class="code-line-counter">44</span><span class="code">
                                    selector:</span></div>
                            <div class="code-line"><span class="code-line-counter">45</span><span class="code"> app:
                                    health-check</span></div>
                        </div>
                    </div>
                    <!-- Triage note: in the result below the Service name is printed as {{{}}} and line 4 is
                         a Helm include expression, so this file appears to have been scanned as an unrendered
                         chart template. Presumably the selector is templated as well; confirm against the
                         rendered manifest (for example the output of "helm template") before acting on it. -->
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/metadata-db/templates/service.yaml</strong>
                            <span>Line 3</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong>
                                metadata.name={{{}}}.spec.selector label refers to a Pod label</span>
                            <span><strong>Found:</strong> metadata.name={{{}}}.spec.selector label does not match with
                                any Pod label</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">2</span><span class="code">kind:
                                    Service</span></div>
                            <div class="code-line error"><span class="code-line-counter">3</span><span
                                    class="code">metadata:</span></div>
                            <div class="code-line"><span class="code-line-counter">4</span><span class="code"> name: {{
                                    include "metadata-db.fullname" . }}</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="LOW">
            <!-- Finding: "Service Type is NodePort" (LOW, Kubernetes, Networking and Firewall), one
                 result at scenarios/internal-proxy/deployment.yaml line 57. A NodePort Service is opened
                 on a static port on every node's IP address, so its exposure depends on node-level
                 network controls that this report does not show. Review whether this Service needs to be
                 reached from outside the cluster; if not, ClusterIP (the default type) keeps it
                 cluster-internal. -->
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-purple"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <path d="M0,0h24v24H0V0z" fill="none" />
                                    </g>
                                    <g>
                                        <g>
                                            <path
                                                d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z" />
                                            <rect height="2" width="2" x="11" y="14" />
                                            <rect height="5" width="2" x="11" y="7" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Service Type is NodePort</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Kubernetes</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Networking and
                                Firewall</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">Service type should not be
                            NodePort</span><span><a
                                href="https://kubernetes.io/docs/concepts/services-networking/service/" rel="noopener"
                                target="_blank">https://kubernetes.io/docs/concepts/services-networking/service/</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-low">1</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                scenarios/internal-proxy/deployment.yaml</strong>
                            <span>Line 57</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> spec.type is not
                                'NodePort'</span>
                            <span><strong>Found:</strong> spec.type is 'NodePort'</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">56</span><span
                                    class="code">spec:</span></div>
                            <div class="code-line error"><span class="code-line-counter">57</span><span class="code">
                                    type: NodePort</span></div>
                            <div class="code-line"><span class="code-line-counter">58</span><span class="code">
                                    ports:</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="INFO">
            <!-- Finding: "APT-GET Not Avoiding Additional Packages" (INFO, Dockerfile, Supply-Chain), one
                 result at infrastructure/system-monitor/Dockerfile line 4. The query asks for apt-get's
                 no-install-recommends option, which skips packages that are only recommended by the
                 ones named on the command line. Review note: the same RUN instruction, as quoted under
                 Expected/Found, also downloads a gotty release tarball with wget and moves the binary
                 into /usr/local/bin; no checksum or signature check appears in the quoted command, so
                 pinning and verifying that download is worth handling together with this fix. -->
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-purple"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <rect fill="none" height="24" width="24" />
                                    </g>
                                    <g>
                                        <g />
                                        <g>
                                            <path
                                                d="M21,5l-9-4L3,5v6c0,5.55,3.84,10.74,9,12c2.3-0.56,4.33-1.9,5.88-3.71l-3.12-3.12c-1.94,1.29-4.58,1.07-6.29-0.64 c-1.95-1.95-1.95-5.12,0-7.07c1.95-1.95,5.12-1.95,7.07,0c1.71,1.71,1.92,4.35,0.64,6.29l2.9,2.9C20.29,15.69,21,13.38,21,11V5z" />
                                            <circle cx="12" cy="12" r="3" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">APT-GET Not Avoiding Additional Packages</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Dockerfile</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Supply-Chain</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">Check if any apt-get installs don't
                            use '--no-install-recommends' flag to avoid installing additional packages.</span><span><a
                                href="https://docs.docker.com/engine/reference/builder/#run" rel="noopener"
                                target="_blank">https://docs.docker.com/engine/reference/builder/#run</a></span></div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-info">1</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/system-monitor/Dockerfile</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> 'RUN apt-get update &&
                                apt-get install -y htop libcap2-bin curl wget && cd /tmp; wget
                                https://github.com/yudai/gotty/releases/download/v1.0.1/gotty_linux_amd64.tar.gz && tar
                                -xvzf gotty_linux_amd64.tar.gz; mv gotty /usr/local/bin/gotty' uses
                                '--no-install-recommends' flag to avoid installing additional packages</span>
                            <span><strong>Found:</strong> 'RUN apt-get update && apt-get install -y htop libcap2-bin
                                curl wget && cd /tmp; wget
                                https://github.com/yudai/gotty/releases/download/v1.0.1/gotty_linux_amd64.tar.gz && tar
                                -xvzf gotty_linux_amd64.tar.gz; mv gotty /usr/local/bin/gotty' does not use
                                '--no-install-recommends' flag to avoid installing additional packages</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">RUN
                                    apt-get update && apt-get install -y htop \</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span class="code">
                                    libcap2-bin curl wget && \</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="INFO">
            <!-- Finding: "Apk Add Using Local Cache Path" (INFO, Dockerfile, Supply-Chain), one result in
                 infrastructure/k8s-goat-home/Dockerfile. The highlighted line 7 is the start of the RUN
                 instruction; the "apk add" call with the update switch that the query refers to is on
                 line 8. Per the query description, apk's no-cache switch replaces both that switch and
                 the later removal of /var/cache/apk/*. -->
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-purple"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <rect fill="none" height="24" width="24" />
                                    </g>
                                    <g>
                                        <g />
                                        <g>
                                            <path
                                                d="M21,5l-9-4L3,5v6c0,5.55,3.84,10.74,9,12c2.3-0.56,4.33-1.9,5.88-3.71l-3.12-3.12c-1.94,1.29-4.58,1.07-6.29-0.64 c-1.95-1.95-1.95-5.12,0-7.07c1.95-1.95,5.12-1.95,7.07,0c1.71,1.71,1.92,4.35,0.64,6.29l2.9,2.9C20.29,15.69,21,13.38,21,11V5z" />
                                            <circle cx="12" cy="12" r="3" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Apk Add Using Local Cache Path</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Dockerfile</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Supply-Chain</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">When installing packages, use the
                            '--no-cache' switch to avoid the need to use '--update' and remove
                            '/var/cache/apk/*'</span><span><a
                                href="https://docs.docker.com/engine/reference/builder/#run" rel="noopener"
                                target="_blank">https://docs.docker.com/engine/reference/builder/#run</a></span></div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-info">1</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/k8s-goat-home/Dockerfile</strong>
                            <span>Line 7</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> 'RUN' does not contain
                                'apk add' command without '--no-cache' switch</span>
                            <span><strong>Found:</strong> 'RUN' contains 'apk add' command without '--no-cache'
                                switch</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">6</span><span class="code">ENV
                                    HUGO_BINARY hugo_${HUGO_VERSION}_Linux-64bit.tar.gz</span></div>
                            <div class="code-line error"><span class="code-line-counter">7</span><span class="code">RUN
                                    set -x && \</span></div>
                            <div class="code-line"><span class="code-line-counter">8</span><span class="code"> apk add
                                    --update wget git ca-certificates imagemagick && \</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <div data-type="severity" data-name="INFO">
            <!-- Finding: "Apt Get Install Lists Were Not Deleted" (INFO, Dockerfile, Supply-Chain), one
                 result at infrastructure/system-monitor/Dockerfile line 4. The usual remedy is to remove
                 /var/lib/apt/lists/* at the end of the same RUN instruction that runs apt-get install,
                 so the package index is not kept in that image layer. Only lines 3 to 5 of the
                 Dockerfile are quoted below, so the rest of the instruction cannot be checked from this
                 excerpt. -->
            <hr class="separator">
            <div class="query">
                <div class="query-info">
                    <div class="query-title">
                        <h2>
                            <div class="kics-purple"><svg xmlns="http://www.w3.org/2000/svg"
                                    enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px"
                                    fill="#000000">
                                    <g>
                                        <rect fill="none" height="24" width="24" />
                                    </g>
                                    <g>
                                        <g />
                                        <g>
                                            <path
                                                d="M21,5l-9-4L3,5v6c0,5.55,3.84,10.74,9,12c2.3-0.56,4.33-1.9,5.88-3.71l-3.12-3.12c-1.94,1.29-4.58,1.07-6.29-0.64 c-1.95-1.95-1.95-5.12,0-7.07c1.95-1.95,5.12-1.95,7.07,0c1.71,1.71,1.92,4.35,0.64,6.29l2.9,2.9C20.29,15.69,21,13.38,21,11V5z" />
                                            <circle cx="12" cy="12" r="3" />
                                        </g>
                                    </g>
                                </svg></div><span class="query-name">Apt Get Install Lists Were Not Deleted</span>
                        </h2><span><strong>Platform:</strong> <span class="query-info-platform">Dockerfile</span></span>
                        <span><strong>Category:</strong> <span class="query-info-category">Supply-Chain</span></span>
                    </div>
                    <div class="query-details"><span class="query-description-title">After using apt-get install, it is
                            needed to delete apt-get lists</span><span><a
                                href="https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"
                                rel="noopener"
                                target="_blank">https://docs.docker.com/develop/develop-images/dockerfile_best-practices/</a></span>
                    </div>
                </div>
                <details>
                    <summary>Results (<span class="severity-partial-count-info">1</span>)</summary>
                    <div class="vulnerable-info">
                        <div class="vulnerable-info-header"><strong>File:
                                infrastructure/system-monitor/Dockerfile</strong>
                            <span>Line 4</span>
                        </div>
                        <div class="vulnerable-info-details"><span><strong>Expected:</strong> After using apt-get
                                install, it is needed to delete apt-get lists</span>
                            <span><strong>Found:</strong> After using apt-get install, the apt-get lists were not
                                deleted</span>
                        </div>
                        <div class="code-box">
                            <div class="code-line"><span class="code-line-counter">3</span><span class="code"></span>
                            </div>
                            <div class="code-line error"><span class="code-line-counter">4</span><span class="code">RUN
                                    apt-get update && apt-get install -y htop \</span></div>
                            <div class="code-line"><span class="code-line-counter">5</span><span class="code">
                                    libcap2-bin curl wget && \</span></div>
                        </div>
                    </div>
                </details>
            </div>
        </div>
        <hr class="separator">
    </div>
</body>

</html>